Log analysis and evaluation: white screen, safe mode only works with command prompt (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.05.2013, 14:02 | #1 |
white screen, safe mode only works with command prompt

Hello, I have a laptop here that only shows a white screen after starting up. Nothing works, and the only thing you can do is shut down from the Task Manager menu. I tried to start in safe mode, but that only works "with Command Prompt". In the other two modes it shuts down again immediately on its own. Here is the OTL.txt

Code:
ATTFilter OTL logfile created on: 07.05.2013 14:10:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = g:\ 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,44 Gb Available Physical Memory | 86,80% Memory free 8,11 Gb Paging File | 7,70 Gb Available in Paging File | 94,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,02 Gb Total Space | 199,74 Gb Free Space | 69,83% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 12,07 Gb Total Space | 1,93 Gb Free Space | 16,01% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 6,43 Gb Free Space | 86,21% Space Free | Partition Type: FAT32 Computer Name: YVONNE-PC | User Name: Yvonne | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.07 13:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv) SRV:64bit: - [2009.06.03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) 
[Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008.11.18 06:09:46 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService) SRV - [2013.03.21 14:21:26 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009.12.01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.17 17:11:40 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.11.26 17:13:08 | 000,296,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2008.11.26 17:13:08 | 000,116,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.11.18 06:09:42 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.01.19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2010.05.27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) DRV:64bit: - [2008.10.23 11:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR) DRV:64bit: - [2008.09.25 07:39:48 | 000,058,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2008.09.04 19:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir) DRV:64bit: - [2008.08.06 18:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2008.07.04 07:23:12 | 000,306,688 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AVerAF15.sys -- (AVerAF15) DRV:64bit: - [2008.06.23 13:54:02 | 000,099,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2008.06.23 13:54:02 | 000,091,176 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2008.06.23 13:54:02 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid) DRV:64bit: - [2008.01.21 04:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2007.06.18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2006.10.04 03:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV - [2008.11.28 18:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) 
[2009/07/20 02:50:53] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EA90534F-BBBC-4515-8951-8BD6060C0737} IE:64bit: - HKLM\..\SearchScopes\{2A1AD9D0-591B-4D34-941E-A94D9B0450E0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{8B436489-8A83-4B8A-8B88-0F0DA1F31406}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{EA90534F-BBBC-4515-8951-8BD6060C0737}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {EA90534F-BBBC-4515-8951-8BD6060C0737} IE - HKLM\..\SearchScopes\{2A1AD9D0-591B-4D34-941E-A94D9B0450E0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{8B436489-8A83-4B8A-8B88-0F0DA1F31406}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{EA90534F-BBBC-4515-8951-8BD6060C0737}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:Tabs [binary data] IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-notebook.de.msn.com/?pc=HICN&ar=3 IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\SearchScopes,DefaultScope = {EA90534F-BBBC-4515-8951-8BD6060C0737} IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\SearchScopes\{2A1AD9D0-591B-4D34-941E-A94D9B0450E0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\SearchScopes\{8B436489-8A83-4B8A-8B88-0F0DA1F31406}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - 
HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\SearchScopes\{A7C871A0-0FD7-48AC-BA3C-87318A867B20}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3A9EB920-47B5-4982-AE4E-6B26E98992A5&apn_sauid=E3D82F8A-C253-4AFB-B0B8-0A300338AADA IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\..\SearchScopes\{EA90534F-BBBC-4515-8951-8BD6060C0737}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-2116707517-3129132125-347974426-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3A9EB920-47B5-4982-AE4E-6B26E98992A5&apn_ptnrs=&apn_sauid=E3D82F8A-C253-4AFB-B0B8-0A300338AADA&apn_dtid=OSJ000&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft 
Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.07.18 17:47:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.05 18:09:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.05 18:19:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011.07.18 17:47:48 | 000,000,000 | ---D | M] [2011.07.18 18:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Extensions [2012.07.31 18:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yvonne\AppData\Roaming\mozilla\Firefox\Profiles\g02mn3sg.default\extensions [2012.07.30 12:34:53 | 000,002,299 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\mozilla\firefox\profiles\g02mn3sg.default\searchplugins\askcom.xml [2013.01.25 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.05 18:09:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.05 18:08:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.05 18:08:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.05 18:08:57 | 000,001,153 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.05 18:08:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.05 18:08:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.05 18:08:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.160.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{054553BB-FAE4-4E3A-BB19-72744C69A538}: DhcpNameServer = 217.68.161.141 217.68.161.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFCF2C3B-084F-4542-8F56-F2A7EFAA75A1}: DhcpNameServer = 192.168.160.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - 
Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2116707517-3129132125-347974426-1000 Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-2116707517-3129132125-347974426-1000 Winlogon: Shell - (C:\Users\Yvonne\AppData\Roaming\skype.dat) - C:\Users\Yvonne\AppData\Roaming\skype.dat () O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - 
Created Within 30 Days ========== [2013.04.17 10:57:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.17 10:57:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.17 10:57:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.17 10:57:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.17 10:57:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.17 10:57:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.17 10:57:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.17 10:57:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.17 10:57:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.17 10:57:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.17 10:57:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.17 10:57:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.17 10:57:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.17 10:57:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.17 10:57:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.15 11:58:29 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.15 11:58:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.15 11:58:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.15 11:58:21 | 000,451,072 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.04.15 11:58:17 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.15 11:58:17 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll ========== Files - Modified Within 30 Days ========== [2013.05.07 14:09:19 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.07 14:09:19 | 000,627,756 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.07 14:09:19 | 000,595,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.07 14:09:19 | 000,125,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.07 14:09:19 | 000,103,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 14:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.07 14:02:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.07 14:02:13 | 000,000,004 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\skype.ini [2013.05.07 14:00:27 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.07 14:00:27 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.03 08:44:22 | 000,337,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 11:20:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 10:33:39 | 000,017,882 | ---- | M] () -- C:\Users\Yvonne\Documents\Bücher.ods ========== Files Created - No Company Name ========== [2013.05.03 09:00:25 | 000,000,004 | ---- | C] () -- C:\Users\Yvonne\AppData\Roaming\skype.ini [2013.04.08 09:02:29 | 000,017,882 | ---- | C] () -- C:\Users\Yvonne\Documents\Bücher.ods [2013.01.25 20:21:33 | 000,000,241 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2013.01.25 20:21:33 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2013.01.25 
20:20:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.25 20:17:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.04.05 18:25:34 | 000,075,264 | ---- | C] () -- C:\Users\Yvonne\AppData\Roaming\skype.dat [2011.11.10 09:41:05 | 000,004,608 | ---- | C] () -- C:\Users\Yvonne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.10 09:35:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.07.18 19:03:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.07.18 19:02:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011.07.18 19:00:59 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010.02.20 19:58:57 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.20 19:04:48 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.05.2013 14:10:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = g:\ 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,44 Gb Available Physical Memory | 86,80% Memory free 8,11 Gb Paging File | 7,70 Gb Available in Paging File | 94,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,02 Gb Total Space | 199,74 Gb Free Space | 69,83% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 12,07 Gb Total Space | 1,93 Gb Free Space | 16,01% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 6,43 Gb Free Space | 86,21% Space Free | Partition Type: FAT32 Computer Name: YVONNE-PC | User Name: Yvonne | Logged in as Administrator. 
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 4C D5 8C 58 CF 47 CC 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3C37734A-8257-424D-9322-22DC9E74EC94}" = lport=2869 | protocol=6 | dir=in | app=system | "{43BCEB24-78E1-4546-90A6-51134BD8786B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{6A14EA60-784E-4089-AF44-41D312562E6D}" = rport=2869 | protocol=6 | dir=out | app=system | "{79D2B676-B311-454E-A259-B467B463A46E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{96ECFC3F-FFD8-40B4-8183-82EC368FB302}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AE212924-6005-4817-9F25-3120A0F4336F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BC33E1AE-BAE1-45E6-BDF6-D05F8CD14B7D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C3656A8F-9F9B-4D1F-975C-36A83FEB46E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7EDC6E2-E489-4101-8009-A0E2D25DE0FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{DAC2C618-64D5-4B36-B39D-10409CC0E901}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0073F468-85D1-4D83-9AD2-80B18999298D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{086FD524-6C21-419E-9BD8-7956057E1AE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{2240C62D-EE42-40E1-B9D5-23792F9DF675}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | "{2FECA000-F532-47A2-B7ED-C3263FD2DF93}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | "{34879060-81A2-4846-A688-52786CFC51DE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{4642D4EA-5A28-404A-B56C-FD3857AE4A85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4BB5A05C-6060-44BF-ACC6-D6FB617983B5}" = dir=in | app=c:\program files 
(x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{51D30920-0DA9-4E25-A662-EF39E172113B}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe | "{570161D4-AF59-44B0-B09C-ED7A806850CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{623C848C-A48E-4CF0-9A01-704891361408}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{76E08F9F-E342-463F-9D1B-F4D7A72145DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{793E2237-27C4-4180-A420-778B3CC70AE7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{7A1EB2F2-3648-4CE2-84A1-ECA4489DDDD2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{8329E12E-AB33-4C83-8DBB-2DD80308E2AB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{9FCACF34-BBE2-43E2-9DD4-2E7A3899CFA2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{A04CB8AC-56F5-4593-9631-378F2366C5AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | "{B19C84C5-7874-4839-B284-8F70F0DD5773}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BEA66870-7E24-478E-90E1-6A6A5E208CD1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{CE71B556-EC0C-4BB5-8594-46FD79DEA903}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E8E3CD8F-D979-451C-AF0E-3EDAADFD341B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{F685AD61-BDA1-4F60-BE49-92582F6E31D6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{F8D2220B-43FB-4400-8525-0C2CB0619820}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software "{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11 "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{294C633F-6933-4F86-A305-BFDF9FCE9EFF}" = HP User Guides 0116 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{AC76BA86-7AD7-1031-7B44-A90000000001}" = 
Adobe Reader 9 - Deutsch "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J220 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.64.46 "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "WildTangent hp Master Uninstall" = My HP Games ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2116707517-3129132125-347974426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.04.2013 04:52:28 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = Error - 17.04.2013 04:52:34 | Computer Name = Yvonne-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xcd8, Anwendungsstartzeit 01ce3b48df2e6ceb. Error - 03.05.2013 02:44:45 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = Error - 03.05.2013 02:46:10 | Computer Name = Yvonne-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0x4cc, Anwendungsstartzeit 01ce47c9d2c43593. Error - 03.05.2013 03:03:49 | Computer Name = Yvonne-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e02a1e, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28da13, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000027513, Prozess-ID 0x718, Anwendungsstartzeit 01ce47cc518d9d0c. 
Error - 03.05.2013 03:04:07 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = Error - 03.05.2013 05:51:13 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = Error - 06.05.2013 11:29:13 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = Error - 06.05.2013 11:29:20 | Computer Name = Yvonne-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xce4, Anwendungsstartzeit 01ce4a6e618085df. Error - 06.05.2013 11:44:21 | Computer Name = Yvonne-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 20.02.2010 13:45:05 | Computer Name = Yvonne-PC | Source = ehRecvr | ID = 3 Description = [ System Events ] Error - 21.07.2011 15:39:48 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.07.2011 15:39:48 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.07.2011 18:16:48 | Computer Name = Yvonne-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 21.07.2011 18:16:51 | Computer Name = Yvonne-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. 
Error - 10.11.2011 03:35:32 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 10.11.2011 03:35:32 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7026 Description = Error - 10.11.2011 03:36:45 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7009 Description = Error - 05.04.2012 11:55:27 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.04.2012 11:55:27 | Computer Name = Yvonne-PC | Source = Service Control Manager | ID = 7026 Description = Error - 05.04.2012 11:59:20 | Computer Name = Yvonne-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. < End of report >
Thanks in advance. |
07.05.2013, 14:09 | #2 |
/// Malware-holic | White screen, safe mode only works with command prompt Hi,
OTL fix
Fixing with OTL
Code:
:OTL
O20 - HKU\S-1-5-21-2116707517-3129132125-347974426-1000 Winlogon: Shell - (C:\Users\Yvonne\AppData\Roaming\skype.dat) - C:\Users\Yvonne\AppData\Roaming\skype.dat ()
[2013.05.07 14:02:13 | 000,000,004 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\skype.ini
:files
C:\Users\Yvonne\AppData\Roaming\skype.dat
:Commands
[emptytemp]
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread! Please press the + E key.
__________________ |
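The fix in post #2 targets a per-user Winlogon Shell value that points at skype.dat in the roaming profile, plus the skype.ini file next to it. The following Python triage helper is an added example, not part of the thread and not OTL's own code; it flags that pattern in OTL-style log lines. The function names, the one-entry-per-line layout and the heuristics are assumptions made for illustration.

```python
import ntpath
import re

# OTL "O20 ... Winlogon: Shell" entry, in the form quoted in the fix above.
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>HK\S+) Winlogon: Shell - \((?P<value>.*?)\) - "
    r"(?P<path>.+?) \((?P<company>.*)\)\s*$"
)
# OTL file listing entry: [timestamp | size | attributes | M/C] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Constructed sample: entries copied from this thread's fix and file listings,
# laid out one per line (the forum page shows them run together).
SAMPLE_LOG = r"""
O20 - HKU\S-1-5-21-2116707517-3129132125-347974426-1000 Winlogon: Shell - (C:\Users\Yvonne\AppData\Roaming\skype.dat) - C:\Users\Yvonne\AppData\Roaming\skype.dat ()
[2013.05.07 14:02:13 | 000,000,004 | ---- | M] () -- C:\Users\Yvonne\AppData\Roaming\skype.ini
[2013.05.03 09:00:25 | 000,000,004 | ---- | C] () -- C:\Users\Yvonne\AppData\Roaming\skype.ini
[2012.04.05 18:25:34 | 000,075,264 | ---- | C] () -- C:\Users\Yvonne\AppData\Roaming\skype.dat
[2013.04.15 11:58:17 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
"""


def parse(log_text):
    """Split a log into Winlogon Shell entries and file listing entries."""
    shells, files = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SHELL_RE.match(line)
        if match:
            shells.append(match.groupdict())
            continue
        match = FILE_RE.match(line)
        if match:
            files.append(match.groupdict())
    return shells, files


def shell_reasons(entry):
    """Heuristic reasons (assumptions of this example) why a Shell entry deserves review."""
    path = entry["path"].lower()
    reasons = []
    if entry["hive"].upper().startswith(("HKU", "HKCU")):
        reasons.append("per-user Shell value overrides the machine-wide shell")
    if "\\appdata\\" in path:
        reasons.append("target sits in the user-writable AppData tree")
    if ntpath.splitext(path)[1] != ".exe":
        reasons.append("target does not carry an .exe extension")
    if not entry["company"].strip():
        reasons.append("target has no company name")
    return reasons


def companions(target, files):
    """Unsigned-looking files that share the target's directory and base name."""
    t_dir = ntpath.dirname(target).lower()
    t_stem = ntpath.splitext(ntpath.basename(target))[0].lower()
    seen, out = set(), []
    for entry in files:
        key = entry["path"].lower()
        if key == target.lower() or key in seen or entry["company"].strip():
            continue
        stem = ntpath.splitext(ntpath.basename(key))[0]
        if ntpath.dirname(key) == t_dir and stem == t_stem:
            seen.add(key)
            out.append(entry["path"])
    return out


def triage(log_text):
    """Return one finding per Shell entry that matches at least one heuristic."""
    shells, files = parse(log_text)
    findings = []
    for entry in shells:
        reasons = shell_reasons(entry)
        if reasons:
            findings.append({
                "hive": entry["hive"],
                "target": entry["path"],
                "reasons": reasons,
                "companions": companions(entry["path"], files),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("Review Winlogon Shell:", finding["target"])
        for reason in finding["reasons"]:
            print("  -", reason)
        for path in finding["companions"]:
            print("  companion file:", path)
```
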
07.05.2013, 14:31 | #3 |
| White screen, safe mode only works with command prompt Hello markusg,
I was able to upload the zip without any difficulty. What comes next? |
07.05.2013, 14:32 | #4 |
/// Malware-holic | White screen, safe mode only works with command prompt Hi, test whether normal mode runs. If it does: Please download TDSSKiller.exe and save this file on the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.05.2013, 14:49 | #5 |
| White screen, safe mode only works with command prompt Hello, here is the log from TDSSKiller Code:
ATTFilter 15:42:02.0338 4364 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:42:02.0572 4364 ============================================================ 15:42:02.0572 4364 Current date / time: 2013/05/07 15:42:02.0572 15:42:02.0572 4364 SystemInfo: 15:42:02.0572 4364 15:42:02.0572 4364 OS Version: 6.0.6002 ServicePack: 2.0 15:42:02.0572 4364 Product type: Workstation 15:42:02.0572 4364 ComputerName: YVONNE-PC 15:42:02.0572 4364 UserName: Yvonne 15:42:02.0572 4364 Windows directory: C:\Windows 15:42:02.0572 4364 System windows directory: C:\Windows 15:42:02.0572 4364 Running under WOW64 15:42:02.0572 4364 Processor architecture: Intel x64 15:42:02.0572 4364 Number of processors: 4 15:42:02.0572 4364 Page size: 0x1000 15:42:02.0572 4364 Boot type: Normal boot 15:42:02.0572 4364 ============================================================ 15:42:03.0789 4364 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:42:03.0789 4364 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:42:03.0804 4364 Drive \Device\Harddisk2\DR2 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:42:03.0804 4364 ============================================================ 15:42:03.0804 4364 \Device\Harddisk1\DR1: 15:42:03.0804 4364 MBR partitions: 15:42:03.0804 4364 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23C0A800 15:42:03.0804 4364 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x23C0B000, BlocksNum 0x1822000 15:42:03.0804 4364 \Device\Harddisk0\DR0: 15:42:03.0804 4364 MBR partitions: 15:42:03.0804 4364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800 15:42:03.0804 4364 
\Device\Harddisk2\DR2: 15:42:03.0820 4364 MBR partitions: 15:42:03.0820 4364 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x30, BlocksNum 0xEEFFCF 15:42:03.0820 4364 ============================================================ 15:42:03.0867 4364 C: <-> \Device\Harddisk1\DR1\Partition1 15:42:04.0225 4364 D: <-> \Device\Harddisk0\DR0\Partition1 15:42:04.0459 4364 E: <-> \Device\Harddisk1\DR1\Partition2 15:42:04.0459 4364 ============================================================ 15:42:04.0459 4364 Initialize success 15:42:04.0459 4364 ============================================================ 15:43:38.0592 4680 ============================================================ 15:43:38.0592 4680 Scan started 15:43:38.0592 4680 Mode: Manual; SigCheck; TDLFS; 15:43:38.0592 4680 ============================================================ 15:43:39.0526 4680 ================ Scan system memory ======================== 15:43:39.0526 4680 System memory - ok 15:43:39.0528 4680 ================ Scan services ============================= 15:43:39.0805 4680 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 15:43:39.0955 4680 Accelerometer - ok 15:43:40.0002 4680 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:43:40.0033 4680 ACPI - ok 15:43:40.0251 4680 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:43:40.0298 4680 AdobeFlashPlayerUpdateSvc - ok 15:43:40.0345 4680 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:43:40.0439 4680 adp94xx - ok 15:43:40.0454 4680 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:43:40.0485 4680 adpahci - ok 15:43:40.0501 4680 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:43:40.0532 4680 adpu160m - ok 15:43:40.0532 4680 [ 9B4AB6854559DC168FBB4C24FC52E794 ] 
adpu320 C:\Windows\system32\drivers\adpu320.sys 15:43:40.0563 4680 adpu320 - ok 15:43:40.0595 4680 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:43:40.0735 4680 AeLookupSvc - ok 15:43:41.0109 4680 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe 15:43:41.0203 4680 AESTFilters - ok 15:43:41.0265 4680 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 15:43:41.0359 4680 AFD - ok 15:43:41.0406 4680 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:43:41.0421 4680 agp440 - ok 15:43:41.0453 4680 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:43:41.0484 4680 aic78xx - ok 15:43:41.0515 4680 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 15:43:41.0687 4680 ALG - ok 15:43:41.0702 4680 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys 15:43:41.0733 4680 aliide - ok 15:43:41.0733 4680 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys 15:43:41.0765 4680 amdide - ok 15:43:41.0796 4680 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:43:41.0843 4680 AmdK8 - ok 15:43:41.0967 4680 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:43:41.0983 4680 AntiVirSchedulerService - ok 15:43:42.0014 4680 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:43:42.0030 4680 AntiVirService - ok 15:43:42.0045 4680 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 15:43:42.0139 4680 Appinfo - ok 15:43:42.0155 4680 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 15:43:42.0186 4680 arc - ok 15:43:42.0201 4680 [ 9D41C435619733B34CC16A511E644B11 ] arcsas 
C:\Windows\system32\drivers\arcsas.sys 15:43:42.0217 4680 arcsas - ok 15:43:42.0248 4680 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:43:42.0311 4680 AsyncMac - ok 15:43:42.0326 4680 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 15:43:42.0357 4680 atapi - ok 15:43:42.0404 4680 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:43:42.0467 4680 AudioEndpointBuilder - ok 15:43:42.0482 4680 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:43:42.0529 4680 AudioSrv - ok 15:43:42.0560 4680 [ DFEC23C325AD5E4E66365F8C44FAD7BA ] AVerAF15 C:\Windows\system32\Drivers\AVerAF15.sys 15:43:42.0607 4680 AVerAF15 - ok 15:43:42.0623 4680 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:43:42.0638 4680 avgntflt - ok 15:43:42.0685 4680 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:43:42.0701 4680 avipbb - ok 15:43:42.0716 4680 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:43:42.0732 4680 avkmgr - ok 15:43:42.0794 4680 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 15:43:42.0919 4680 BFE - ok 15:43:43.0028 4680 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 15:43:43.0231 4680 BITS - ok 15:43:43.0247 4680 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:43:43.0293 4680 blbdrive - ok 15:43:43.0325 4680 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:43:43.0356 4680 bowser - ok 15:43:43.0387 4680 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:43:43.0418 4680 BrFiltLo - ok 15:43:43.0418 4680 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:43:43.0465 4680 BrFiltUp - ok 15:43:43.0496 4680 [ 
] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:44:14.0649 4680 TermDD - ok 15:44:14.0759 4680 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 15:44:14.0883 4680 TermService - ok 15:44:14.0946 4680 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 15:44:14.0961 4680 Themes - ok 15:44:15.0008 4680 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 15:44:15.0039 4680 THREADORDER - ok 15:44:15.0086 4680 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 15:44:15.0149 4680 TrkWks - ok 15:44:15.0195 4680 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:44:15.0242 4680 TrustedInstaller - ok 15:44:15.0273 4680 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:44:15.0320 4680 tssecsrv - ok 15:44:15.0336 4680 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:44:15.0367 4680 tunmp - ok 15:44:15.0383 4680 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:44:15.0414 4680 tunnel - ok 15:44:15.0539 4680 [ 1C31169DDDC70C1605F703DA701EAEEA ] TVCapSvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 15:44:15.0554 4680 TVCapSvc - ok 15:44:15.0570 4680 [ 290B8C381DBC15D3DBCBD2BDB6B0BA12 ] TVSched C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 15:44:15.0585 4680 TVSched - ok 15:44:15.0679 4680 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:44:15.0710 4680 uagp35 - ok 15:44:15.0741 4680 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:44:15.0804 4680 udfs - ok 15:44:15.0851 4680 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:44:15.0897 4680 UI0Detect - ok 15:44:15.0944 4680 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 
15:44:15.0960 4680 uliagpkx - ok 15:44:15.0991 4680 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:44:16.0022 4680 uliahci - ok 15:44:16.0022 4680 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:44:16.0038 4680 UlSata - ok 15:44:16.0053 4680 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:44:16.0069 4680 ulsata2 - ok 15:44:16.0085 4680 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:44:16.0131 4680 umbus - ok 15:44:16.0147 4680 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 15:44:16.0303 4680 upnphost - ok 15:44:16.0381 4680 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:44:16.0412 4680 usbccgp - ok 15:44:16.0459 4680 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:44:16.0537 4680 usbcir - ok 15:44:16.0568 4680 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:44:16.0599 4680 usbehci - ok 15:44:16.0631 4680 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:44:16.0693 4680 usbhub - ok 15:44:16.0724 4680 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:44:16.0787 4680 usbohci - ok 15:44:16.0818 4680 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:44:16.0865 4680 usbprint - ok 15:44:16.0896 4680 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:44:16.0943 4680 usbscan - ok 15:44:16.0989 4680 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:44:17.0036 4680 USBSTOR - ok 15:44:17.0052 4680 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:44:17.0083 4680 usbuhci - ok 15:44:17.0130 4680 [ FC33099877790D51B0927B7039059855 ] usbvideo 
C:\Windows\system32\Drivers\usbvideo.sys 15:44:17.0177 4680 usbvideo - ok 15:44:17.0255 4680 [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc C:\Program Files (x86)\MSN Messenger\usnsvc.exe 15:44:17.0270 4680 usnjsvc - ok 15:44:17.0301 4680 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 15:44:17.0333 4680 UxSms - ok 15:44:17.0395 4680 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 15:44:17.0442 4680 vds - ok 15:44:17.0489 4680 [ 4B6F9959F8DF8FADC8170CD8A6BCE5C2 ] vfsFPService C:\Windows\system32\vfsFPService.exe 15:44:17.0520 4680 vfsFPService - ok 15:44:17.0535 4680 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:44:17.0582 4680 vga - ok 15:44:17.0598 4680 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 15:44:17.0660 4680 VgaSave - ok 15:44:17.0738 4680 [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide C:\Windows\system32\drivers\viaide.sys 15:44:17.0754 4680 viaide - ok 15:44:17.0754 4680 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:44:17.0785 4680 volmgr - ok 15:44:17.0832 4680 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:44:17.0863 4680 volmgrx - ok 15:44:17.0879 4680 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:44:17.0910 4680 volsnap - ok 15:44:17.0988 4680 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:44:18.0003 4680 vsmraid - ok 15:44:18.0191 4680 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 15:44:18.0393 4680 VSS - ok 15:44:18.0456 4680 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 15:44:18.0612 4680 W32Time - ok 15:44:18.0627 4680 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:44:18.0752 4680 WacomPen - ok 15:44:18.0783 4680 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp 
C:\Windows\system32\DRIVERS\wanarp.sys 15:44:18.0908 4680 Wanarp - ok 15:44:18.0908 4680 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:44:18.0939 4680 Wanarpv6 - ok 15:44:18.0971 4680 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:44:19.0049 4680 wcncsvc - ok 15:44:19.0111 4680 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:44:19.0158 4680 WcsPlugInService - ok 15:44:19.0173 4680 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 15:44:19.0205 4680 Wd - ok 15:44:19.0314 4680 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:44:19.0361 4680 Wdf01000 - ok 15:44:19.0392 4680 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:44:19.0439 4680 WdiServiceHost - ok 15:44:19.0454 4680 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:44:19.0501 4680 WdiSystemHost - ok 15:44:19.0548 4680 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 15:44:19.0563 4680 WebClient - ok 15:44:19.0626 4680 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:44:19.0719 4680 Wecsvc - ok 15:44:19.0766 4680 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:44:19.0797 4680 wercplsupport - ok 15:44:19.0813 4680 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 15:44:19.0860 4680 WerSvc - ok 15:44:19.0891 4680 WinDefend - ok 15:44:19.0907 4680 WinHttpAutoProxySvc - ok 15:44:20.0063 4680 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:44:20.0109 4680 Winmgmt - ok 15:44:20.0187 4680 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 15:44:20.0312 4680 WinRM - ok 15:44:20.0343 4680 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 
15:44:20.0375 4680 WinUSB - ok 15:44:20.0421 4680 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:44:20.0546 4680 Wlansvc - ok 15:44:20.0609 4680 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:44:20.0640 4680 WmiAcpi - ok 15:44:20.0702 4680 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:44:20.0733 4680 wmiApSrv - ok 15:44:20.0780 4680 WMPNetworkSvc - ok 15:44:20.0843 4680 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:44:20.0889 4680 WPCSvc - ok 15:44:20.0921 4680 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:44:20.0983 4680 WPDBusEnum - ok 15:44:21.0264 4680 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:44:21.0326 4680 WPFFontCache_v0400 - ok 15:44:21.0357 4680 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:44:21.0435 4680 ws2ifsl - ok 15:44:21.0467 4680 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 15:44:21.0482 4680 wscsvc - ok 15:44:21.0498 4680 WSearch - ok 15:44:21.0763 4680 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:44:21.0981 4680 wuauserv - ok 15:44:22.0028 4680 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:44:22.0044 4680 WudfPf - ok 15:44:22.0075 4680 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:44:22.0091 4680 WUDFRd - ok 15:44:22.0122 4680 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:44:22.0153 4680 wudfsvc - ok 15:44:22.0231 4680 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys 15:44:22.0340 4680 yukonx64 - ok 15:44:22.0465 4680 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files 
(x86)\Hewlett-Packard\Media\DVD\000.fcl 15:44:22.0481 4680 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok 15:44:22.0481 4680 ================ Scan global =============================== 15:44:22.0527 4680 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 15:44:22.0543 4680 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 15:44:22.0574 4680 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 15:44:22.0605 4680 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 15:44:22.0605 4680 [Global] - ok 15:44:22.0605 4680 ================ Scan MBR ================================== 15:44:22.0621 4680 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk1\DR1 15:44:24.0992 4680 \Device\Harddisk1\DR1 - ok 15:44:25.0008 4680 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 15:44:25.0429 4680 \Device\Harddisk0\DR0 - ok 15:44:25.0429 4680 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 15:44:28.0159 4680 \Device\Harddisk2\DR2 - ok 15:44:28.0159 4680 ================ Scan VBR ================================== 15:44:28.0175 4680 [ 48876511941CB35567EB7C07D35D1F03 ] \Device\Harddisk1\DR1\Partition1 15:44:28.0175 4680 \Device\Harddisk1\DR1\Partition1 - ok 15:44:28.0221 4680 [ 5D350AE096185B67C4B8FC58DC584316 ] \Device\Harddisk1\DR1\Partition2 15:44:28.0268 4680 \Device\Harddisk1\DR1\Partition2 - ok 15:44:28.0268 4680 [ 2547A837D6726F89D2840A2E24A94B29 ] \Device\Harddisk0\DR0\Partition1 15:44:28.0268 4680 \Device\Harddisk0\DR0\Partition1 - ok 15:44:28.0268 4680 [ A024D63F01A1F8DD27C97CAA3D4C565F ] \Device\Harddisk2\DR2\Partition1 15:44:28.0268 4680 \Device\Harddisk2\DR2\Partition1 - ok 15:44:28.0268 4680 ============================================================ 15:44:28.0268 4680 Scan finished 15:44:28.0268 4680 ============================================================ 15:44:28.0284 3460 Detected object count: 5 15:44:28.0284 3460 Actual detected object count: 5 15:44:54.0242 3460 BrYNSvc ( 
UnsignedFile.Multi.Generic ) - skipped by user
15:44:54.0242 3460 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:54.0242 3460 DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:54.0242 3460 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:54.0242 3460 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:54.0242 3460 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:54.0242 3460 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:54.0242 3460 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:54.0258 3460 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:54.0258 3460 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

What else do I need to do? |
07.05.2013, 15:01 | #6 |
/// Malware-holic | White screen, safe mode only works with command prompt Combofix: Scan with Combofix
07.05.2013, 16:00 | #7 |
| White screen, safe mode only works with command prompt Hello, Combofix did not complain. It rebooted in between, and there were no problems with that. Here is the log Code:
ATTFilter ComboFix 13-05-07.02 - Yvonne 07.05.2013 16:16:28.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4062.2037 [GMT 2:00] ausgeführt von:: c:\users\Yvonne\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-07 bis 2013-05-07 )))))))))))))))))))))))))))))) . . 2013-05-07 13:30 . 2013-05-07 13:30 -------- d-----w- C:\_OTL 2013-05-07 13:26 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F97DD1-8C6F-43D4-9468-54F3D8E85C60}\mpengine.dll 2013-05-03 06:58 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-15 09:58 . 2013-03-11 13:33 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-15 09:58 . 2013-03-09 04:16 85504 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-15 09:58 . 2013-03-09 01:48 75264 ----a-w- c:\windows\system32\smss.exe 2013-04-15 09:58 . 2013-03-05 01:57 2774016 ----a-w- c:\windows\system32\win32k.sys 2013-04-15 09:58 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll 2013-04-15 09:58 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll 2013-04-15 09:58 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-02 00:06 . 2010-02-20 17:23 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-17 09:01 . 
2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe 2013-03-22 10:28 . 2012-07-31 15:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-22 10:28 . 2011-07-18 17:40 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-22 10:27 . 2013-03-22 10:27 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-10 07:58 . 2013-03-10 07:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-10 07:58 . 2012-07-29 07:16 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-10 07:58 . 2011-07-18 15:25 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 07:22 . 2013-02-18 07:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 07:22 . 2013-02-18 07:22 72552 ----a-w- c:\windows\system32\nvapo64v.dll 2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 02:18 . 2013-03-21 12:22 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-05-04 13:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2008-04-30 22058792] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736] "TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216] "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216] "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] 
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-03-02 89600] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . Inhalt des "geplante Tasks" Ordners . 2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 12:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-03 442368] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.160.1 FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\g02mn3sg.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3A9EB920-47B5-4982-AE4E-6B26E98992A5&apn_ptnrs=&apn_sauid=E3D82F8A-C253-4AFB-B0B8-0A300338AADA&apn_dtid=OSJ000&&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2011-07-18 17:47; otis@digitalpersona.com; c:\program files (x86)\DigitalPersona\Bin\FirefoxExt . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-WudfPf SafeBoot-WudfRd HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\SMINST\BLService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe c:\program files (x86)\Skype\Plugin Manager\skypePM.exe c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-07 16:48:50 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-07 14:48 . Vor Suchlauf: 9 Verzeichnis(se), 211.375.292.416 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 210.761.240.576 Bytes frei . - - End Of File - - 30AB52FBAF63ACA2EFFB121F4A1EDC83 |
07.05.2013, 16:35 | #8 |
/// Malware-holic | White screen, safe mode only works with command prompt hi malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.05.2013, 17:53 | #9 |
| White screen, safe mode only works with command prompt Hello, here is the Malwarebytes log Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Yvonne :: YVONNE-PC [Administrator]

Schutz: Aktiviert

07.05.2013 17:45:51
mbam-log-2013-05-07 (17-45-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394162
Laufzeit: 56 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles.zip (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05072013_151800\C_Users\Yvonne\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
07.05.2013, 17:54 | #10 |
/// Malware-holic | White screen, safe mode only works with command prompt You don't have to keep asking what comes next, I'll tell you anyway... Download CCleaner Standard: CCleaner Download - CCleaner 3.21.1767 If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After every program you need, write "notwendig" (necessary). After every program you don't need, write "unnötig" (unnecessary). After every program you don't recognize, write "unbekannt" (unknown). Post the list.
07.05.2013, 18:30 | #11 |
| White screen, safe mode only works with command prompt OK, done. I ignored all the HP programs since they belong to the notebook. I also did not label the programs that I installed in the course of the disinfection. Code:
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 20.03.2013 11.6.602.180 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.03.2013 11.6.602.180 notwendig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 07.05.2013 121MB 10.1.4 notwendig
AVerMedia A309 (MiniCard, DVB-T) 1.0.64.46 AVerMedia TECHNOLOGIES, Inc. 20.07.2009 1,16MB 1.0.64.46 notwendig
Avira Free Antivirus Avira 18.11.2012 82,4MB 12.1.9.1236 notwendig
Brother MFL-Pro Suite MFC-J220 Brother Industries, Ltd. 24.01.2013 5,32MB 1.0.3.0 notwendig
CCleaner Piriform 23.04.2013 11,3MB 4.01
Compatibility Pack für 2007 Office System Microsoft Corporation 09.02.2009 63,1MB 12.0.4518.1014 unbekannt
CyberLink DVD Suite CyberLink Corp. 09.02.2009 16,6MB 6.0.2326 notwendig
DigitalPersona Personal 4.11 DigitalPersona, Inc. 18.07.2011 79,4MB 4.11.3826
HP Active Support Library Hewlett-Packard 09.02.2009 20,5MB 3.1.9.1
HP Customer Experience Enhancements Hewlett-Packard 09.02.2009 0,98MB 5.7.0.2664
HP Help and Support Hewlett-Packard Company 09.02.2009 30,6MB 2.1.3.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 HP 20.07.2009 53,2MB 6.0.1.6204
HP MediaSmart DVD Hewlett-Packard 20.07.2009 85,2MB 2.1.2328
HP MediaSmart Music/Photo/Video Hewlett-Packard 20.07.2009 222MB 2.1.2425
HP MediaSmart SmartMenu Hewlett-Packard 20.07.2009 11,8MB 2.1.7
HP MediaSmart TV Hewlett-Packard 20.07.2009 90,1MB 2.1.1219
HP MediaSmart Webcam Hewlett-Packard 20.07.2009 73,6MB 2.1.1208
HP Quick Launch Buttons 6.40 H2 Hewlett-Packard 09.02.2009 18,5MB 6.40 H2
HP Total Care Setup Hewlett-Packard Company 09.02.2009 1.1.2413.2876
HP Update Hewlett-Packard 05.04.2012 3,98MB 5.003.001.001
HP User Guides 0116 Hewlett-Packard 09.02.2009 132MB 1.03.0002
HP Wireless Assistant Hewlett-Packard 09.02.2009 4,22MB 3.00 K2
IDT Audio IDT 20.07.2009 32,0MB 1.0.6047.5 unbekannt
Java 7 Update 17 Oracle 09.03.2013 129MB 7.0.170 notwendig
Java(TM) 6 Update 7 Sun Microsystems, Inc. 09.02.2009 171MB 1.6.0.70 notwendig
JMicron JMB38X Flash Media Controller Driver JMicron Technology Corp. 20.07.2009 1.00.20.07 unbekannt
LabelPrint CyberLink Corp. 09.02.2009 241MB 2.5.1118 unbekannt
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 07.05.2013 13,4MB 1.75.0.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 18.07.2011 42,1MB unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 19.02.2010 32,4MB unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.07.2011 189MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 21.07.2011 46,4MB 4.0.30319 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.02.2009 87,1MB 12.0.4518.1014 benötigt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 09.02.2009 782KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.07.2011 782KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.02.2010 590KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.07.2011 590KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 05.04.2012 11,1MB 10.0.40219 unbekannt
Microsoft Works Microsoft Corporation 09.02.2009 378MB 9.7.0621 benötigt
Mozilla Firefox 11.0 (x86 de) Mozilla 05.04.2012 35,9MB 11.0 benötigt
Mozilla Thunderbird 11.0.1 (x86 de) Mozilla 05.04.2012 37,6MB 11.0.1 benötigt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.02.2010 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.02.2010 1,33MB 4.20.9876.0 unbekannt
muvee Reveal muvee Technologies Pte Ltd 20.07.2009 154MB 7.0.35.7660 unbekannt
My HP Games WildTangent 20.07.2009 204MB 1.0.0.62 unbekannt
NVIDIA Drivers NVIDIA Corporation 21.07.2011 2,81GB benötigt
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 07.05.2013 3,49MB 1.3.18.0 benötigt
OpenOffice.org 3.3 OpenOffice.org 18.07.2011 408MB 3.3.9567 benötigt
PhotoNow! CyberLink Corp. 20.07.2009 34,8MB 1.1.5615 benötigt
Power2Go CyberLink Corp. 09.02.2009 178MB 6.0.2325 benötigt
PowerDirector CyberLink Corp. 09.02.2009 529MB 7.0.2317 benötigt
ProtectSmart Hard Drive Protection Hewlett-Packard 20.07.2009 3.10.1.7 unbekannt
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 20.07.2009 1,58MB 1.00.0000 benötigt
Skype™ 3.8 Skype Technologies S.A. 18.07.2011 30,7MB 3.8.115 benötigt
SPORE Creature Creator Trial Edition Electronic Arts 20.07.2009 1,85MB 1.00.0000 unbekannt
Synaptics Pointing Device Driver Synaptics Incorporated 07.05.2013 14,9MB 15.3.29.0 unbekannt
Validity Sensors software Validity Sensors, Inc. 20.07.2009 9,44MB 2.8.109 unbekannt
Windows Live Messenger Microsoft Corporation 09.02.2009 29,0MB 8.1.0178.00 unbekannt
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) ENE 20.07.2009 09/04/2008 2.6.0.0 unbekannt |
07.05.2013, 18:33 | #12 |
/// Malware-holic | White screen, safe mode only works with command prompt Uninstall: Adobe Flash Player, all of them. Adobe - Install Adobe Flash Player: download the latest version and install it. Adobe Reader: Adobe - Download Adobe Reader - All versions. Uncheck the McAfee Security Scan box. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "Use only certified plug-ins". Security (Enhanced): check "Enhanced Security" and select all files. Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, since that is the only way to keep control over what happens on the PC. Under JavaScript, uncheck "Enable JavaScript". Under Updater, select "Install automatically". Apply / OK. Uninstall: Java, all of them. Download the Java JRE: Java downloads for all operating systems. Click: Download Java software for Windows Offline, download it and install it. Thunderbird - Software for easy handling of e-mail: update Thunderbird. Update Firefox: Firefox web browser in German | Faster, safer and customizable. Skype™ Download Skype to your computer - Mac, Windows, Linux - Skype: update it as well. Open CCleaner, Analyze, Run, restart the PC. Please download AdwCleaner to your desktop.
07.05.2013, 19:41 | #13 |
| White screen, safe mode only works with command prompt Here you go: Code:
# AdwCleaner v2.300 - Datei am 07/05/2013 um 20:37:11 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Yvonne - YVONNE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yvonne\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\g02mn3sg.default\searchplugins\Askcom.xml
Gelöscht mit Neustart : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\g02mn3sg.default\prefs.js |
07.05.2013, 20:51 | #14 |
/// Malware-holic | White screen, safe mode only works with command prompt Hi, HitmanPro - Download - Filepony Please download HitmanPro. Double-click it, scan, do not delete anything. Click Next, export the log as XML and post it, or zip it and attach it.
07.05.2013, 21:39 | #15 |
| White screen, safe mode only works with command prompt Hello, here is the log Code:
Sorry, it was not clear to me that clicking "Next" deletes things |