|
Plagegeister aller Art und deren Bekämpfung: System Care Antivirus und SpyHunter 4. wie entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.06.2013, 10:07 | #1 |
| System Care Antivirus und SpyHunter 4. wie entfernen? Hallo, gestern ist beim Starten das Programm System Care Antivirus aufgetaucht. Als ich es als Trojaner erkannt habe, habe ich auf meinem Tablet nach Entfernungsmethoden gesucht bei Google. Leider habe ich auf ein YouTube Video gehört und habe Spyhunter 4 heruntergeladen. Danach habe ich festgestellt dass dies ja auch Malware ist. Wie kann ich beides wieder entfernen? Fliege morgen in die USA und brauche das Laptop ganz dringend. Danke schon Mal im Vorraus für die Hilfe. |
09.06.2013, 10:10 | #2 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? hi,
__________________starte den betroffenen pc in den abgesicherten Modus, geht bei neustart via f8, die nun folgenen Programme und logs von einem anderen pc kopieren, bzw auf diesen um uns dann die Logs zu posten. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
09.06.2013, 10:35 | #3 |
| System Care Antivirus und SpyHunter 4. wie entfernen? wo finde ich denn OTl.txt und Extra.txt?
__________________ |
09.06.2013, 10:37 | #4 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? werden entweder automatisch geöffnet oder halt mal die windows suche nutzen.b bzw sollten die auch im selben Ordner wie die otl.exe liegen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
09.06.2013, 10:43 | #5 |
| System Care Antivirus und SpyHunter 4. wie entfernen? OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2013 11:31:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\userle\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free 6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV - [2013.05.29 12:21:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 14:40:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2013.03.25 17:20:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.25 17:20:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - [2013.06.08 21:28:06 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon) DRV - [2013.03.25 17:20:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.25 17:20:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.25 17:20:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.17 21:59:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.02.17 21:34:30 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem) DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag) DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner) DRV - [2012.03.02 16:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2012.03.02 16:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2012.03.02 16:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2009.11.12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2007.10.11 02:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid) DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sthda.sys -- (STHDA) DRV - [2007.03.05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx) DRV - [2006.11.15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 99 FC 33 98 64 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\userle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 20:09:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:17:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.17 19:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Extensions [2013.04.02 16:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Firefox\Profiles\volklsg0.default\extensions [2013.04.02 16:21:54 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\firefox\profiles\volklsg0.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2013.05.29 12:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.29 12:21:56 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKCU..\Run: [Spotify] C:\Users\userle\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\userle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\RunOnce: [D62395553691AD1D0000D622BF38B359] C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F9F026-08A5-4C67-AC9F-FE6597FE36BF}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell - "" = AutoRun O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 11:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe [2013.06.09 00:39:41 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.09 00:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.06.09 00:35:59 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe [2013.06.08 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.06.08 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\D62395553691AD1D0000D622BF38B359 [2013.06.08 16:33:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\avisplit [2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVI Splitter [2013.06.01 14:10:01 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\System32\TubeFinder.exe [2013.06.01 14:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2013.06.01 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter [2013.06.01 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2013.05.29 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.17 13:41:11 | 000,000,000 | ---D | C] -- C:\Users\userle\Documents\StreamTransport [2013.05.17 13:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport [2013.05.17 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport [2013.05.16 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 11:31:44 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.09 11:31:44 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.09 11:31:44 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.09 11:31:44 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe [2013.06.09 11:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 11:26:08 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 04:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.09 04:27:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 04:27:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job [2013.06.09 00:39:42 | 000,002,248 | ---- | M] () -- C:\Users\userle\Desktop\SpyHunter.lnk [2013.06.09 00:36:00 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe [2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 21:28:24 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2013.06.08 21:28:23 | 000,002,048 | ---- | M] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk [2013.06.08 21:28:06 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013.06.08 21:27:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.08 15:23:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job [2013.06.01 14:11:05 | 001,203,951 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv [2013.06.01 14:11:05 | 000,001,638 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html [2013.06.01 14:10:01 | 000,001,079 | ---- | M] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk [2013.05.17 13:51:58 | 103,767,332 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv [2013.05.17 13:48:57 | 079,182,497 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv [2013.05.17 13:42:16 | 000,000,013 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv [2013.05.17 13:40:04 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\ StreamTransport.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 00:39:42 | 000,002,248 | ---- | C] () -- C:\Users\userle\Desktop\SpyHunter.lnk [2013.06.08 21:28:23 | 000,002,048 | ---- | C] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk [2013.06.01 14:11:05 | 000,001,638 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html [2013.06.01 14:10:58 | 001,203,951 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv [2013.06.01 14:10:08 | 000,001,145 | ---- | C] () -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk [2013.06.01 14:10:01 | 000,001,079 | ---- | C] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk [2013.06.01 14:10:00 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2013.06.01 14:10:00 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2013.06.01 14:10:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2013.05.17 13:43:20 | 103,767,332 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv [2013.05.17 13:42:16 | 000,000,013 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv [2013.05.17 13:41:30 | 079,182,497 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv [2013.05.17 13:40:04 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\ StreamTransport.lnk [2013.04.20 22:56:15 | 000,000,786 | ---- | C] () -- C:\Windows\FWDN_V7_CFG.ini [2013.04.07 20:01:30 | 000,017,408 | ---- | C] () -- C:\Users\userle\AppData\Local\WebpageIcons.db [2013.04.07 18:01:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2013.04.07 18:01:48 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2013.02.21 23:41:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2013.02.18 00:25:31 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013.02.17 19:45:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2013.02.17 18:47:49 | 000,007,598 | ---- | C] () -- C:\Users\userle\AppData\Local\Resmon.ResmonCfg [2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys [2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.21 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canneverbe Limited [2013.02.24 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canon [2013.02.17 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DAEMON Tools Lite [2013.02.20 20:10:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoft [2013.02.20 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoftIEHelpers [2013.06.01 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter [2013.06.08 14:36:50 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ICQ [2013.04.07 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\LG Electronics [2013.03.09 18:35:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ManyCam [2013.02.21 23:41:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\OpenCandy [2013.06.08 21:28:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Spotify [2013.02.17 21:24:13 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Thunderbird [2013.06.05 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.02.17 18:16:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.05.31 20:42:30 | 000,000,000 | ---D | M] -- C:\Bilder [2013.02.18 00:55:44 | 000,000,000 | ---D | M] -- C:\Dell [2013.02.17 18:13:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.04.03 20:56:58 | 000,000,000 | ---D | M] -- C:\Filme [2013.04.07 18:33:53 | 000,000,000 | ---D | M] -- C:\LGMobileUpgrade [2013.04.07 18:11:41 | 000,000,000 | ---D | M] -- C:\LGP880 [2013.03.28 23:31:16 | 000,000,000 | ---D | M] -- C:\Musik [2013.04.03 12:36:47 | 000,000,000 | ---D | M] -- C:\Privat [2013.06.09 00:39:40 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.08 16:35:25 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Programme [2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.06.09 00:40:11 | 000,000,000 | ---D | M] -- C:\sh4ldr [2013.06.09 01:50:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.05.12 15:11:44 | 000,000,000 | ---D | M] -- C:\Uni [2013.02.17 21:25:22 | 000,000,000 | R--D | M] -- C:\Users [2013.06.09 11:26:08 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:53:46 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013.02.18 00:25:36 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job [2013.03.26 21:49:22 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.03.31 14:29:55 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.03.31 14:29:56 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.04.24 15:18:20 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job [2013.04.24 15:18:21 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\internal_ide_channel\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\cc_010601\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\ven_8086&dev_2850\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.09 11:41:01 | 001,572,864 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT [2013.06.09 11:41:01 | 000,262,144 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG1 [2013.02.17 18:16:29 | 000,000,000 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG2 [2013.02.17 18:16:29 | 000,065,536 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.02.17 18:16:29 | 000,000,020 | -HS- | M] () -- C:\Users\userle\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 11:31:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\userle\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free 6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C57BBE1-FFEA-4C97-A71D-335C66F24BCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0FE133CD-B13E-404C-8280-763C031E6B2F}" = lport=139 | protocol=6 | dir=in | app=system | "{1E8C4E26-BAF8-4AED-BF98-477211B26D01}" = lport=2869 | protocol=6 | dir=in | app=system | "{38EC1A9F-F8BD-48D9-AF98-24D986A529B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{488B4167-6AA4-471E-AE66-A56594C47299}" = lport=138 | protocol=17 | dir=in | app=system | "{5441954A-4A8A-475A-91C6-C91F32489768}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D92FB1E-571E-4724-B351-D60187C7F87E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6691E6DF-9E87-4678-8741-B20D05A99AFE}" = lport=445 | protocol=6 | dir=in | app=system | "{74FE90DA-4245-4584-BEB8-0E8ABCD5579D}" = rport=445 | protocol=6 | dir=out | app=system | "{7B48221E-94FC-42CA-80F6-A1BF910C8E33}" = lport=10243 | protocol=6 | dir=in | app=system | "{81D01602-4221-4935-80A8-E74FFA180783}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{86B7327C-3929-448E-BFCC-3E9A832E3DCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8AC9AFEC-7DD9-4188-9718-440000A367A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8C717F28-0C59-41AD-9446-888C37FE45FB}" = rport=139 | protocol=6 | dir=out | app=system | "{9004FE43-2622-4E93-856C-A42F072CC871}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A81E3D5B-B26D-4751-B951-6DE53FCD258A}" = rport=137 | protocol=17 | dir=out | app=system | "{AB4BE23D-DA34-4976-AA78-28D0CAE6EB07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C0F7F35C-0207-498B-AC63-D57ABFBA34FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CAF82307-47E6-4FD1-81E8-FF38259130F4}" = rport=10243 | protocol=6 | dir=out | app=system | "{CD08212D-280B-4CE8-BA70-31C73B0E4446}" = rport=138 | protocol=17 | dir=out | app=system | "{D076A6A4-3235-4217-A445-7E781C0E09DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D2E50543-BB5D-4B70-B8BF-8FF912165208}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E835CAE4-8149-4C5D-9D11-EC4C109C0C9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F740CB8D-A3DF-4456-A4BB-BE4D2EB569E2}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{016E6892-5C1C-45D5-B667-CA3F67409AFC}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | "{0E379AC4-F89B-45A6-90FC-DC2BD6D4BD24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{13904566-7B9C-41CD-B00B-6AA20C49643D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14A246A4-E235-4386-9263-DB6C19CB0B6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1967BCCA-D703-49F1-B7BD-5547A0A3A4FA}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{25A29EE0-2BA2-4F7B-AD4C-BD7D5518C5D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{33D8A9C9-5A1A-4A2E-9497-7083FEC7434A}" = dir=in | app=c:\users\userle\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{42A7C406-986F-43EF-B799-EA90D9242C6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{44E4A6E3-18EE-4519-AB83-112373538A03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{46D2ADAD-FE25-4FD1-B488-F4D75491F346}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{472DB4B4-93A5-4F0F-94F2-E2A9A41B1A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{488BCE4D-7FCE-446D-8232-8812B292DB8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5016FE3C-5BF6-4D9A-AF6D-5ABEBB48A936}" = dir=in | app=c:\program files\itunes\itunes.exe | "{55101CD4-8266-486D-88CF-B8BB62B6911C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5E763E8D-B63E-4E1B-AC99-A4651B9A2FEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6252FB75-54AB-4481-9969-DCBDBF8535C2}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | "{6CEF9417-767E-4692-AC4B-2B37ACEDA265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{723406F7-3DD6-4264-B724-D9924BCC0C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{79A25013-6405-4131-AD29-2409334CD26D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BB1A49E-055B-4F56-B735-FD2AF200BC82}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{88DA1809-53A5-452E-B095-CCBBBB5D4513}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DB44B1B-09CD-49BC-B025-7CC7B7E1431C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9837E709-1AA8-45F2-959D-C8E4AC0EDBC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9BB01477-F696-494C-810C-C2F5277329C5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{9C813D11-6FE3-45BF-B509-11691FFB9F9C}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{9FB3C2E2-C4AB-42C3-8CD8-72BDD5E7AB75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2C51D6B-5644-4E2A-9FB7-A9D186F43E54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3D8EF61-651D-40FA-AE2B-4EE32BFE96BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C11BBFF1-7795-41D0-AC31-71D086B55E63}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | "{C79A0FE5-3D6A-4102-92EB-832F4E38A062}" = protocol=6 | dir=out | app=system | "{C7EA98DC-C06E-4AF7-B5D0-FBE423B0C603}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{E0E9F962-E777-477F-9442-DEDAA4F6F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1B54B12-67B5-4070-AE4A-D3130754E7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFA65143-5F77-4B61-9DC6-F3F6097841ED}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | "TCP Query User{36E55486-5FA0-4FA4-B7D1-2C6605B3B1BB}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | "TCP Query User{8B560051-C8F6-44E6-975C-D792162DEF4B}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | "TCP Query User{AB451CD4-21A9-4E59-AFCB-77469E0CFE00}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "UDP Query User{0B5A1D1A-8126-4A08-95A6-F19243E2088B}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "UDP Query User{31BE56E9-16D0-4F6D-8B1E-D526E23AF578}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | "UDP Query User{CC134129-402C-4CCB-92B6-1FBF732E4341}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E89498D8-1430-4A2B-A76A-4A71326981E9}" = SpyHunter "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVI Splitter_is1" = AVI Splitter "Avira AntiVir Desktop" = Avira Free Antivirus "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "COWON D3 Plenue Android Upgrade" = COWON D3 Plenue Android Upgrade "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011) "DAEMON Tools Lite" = DAEMON Tools Lite "EB80D11E8D7946E220412AE1F2F19A1C5CD5FF7D" = Windows-Treiberpaket - Telechips Inc (vtcdrv) USB (05/07/2010 5.0.0.1) "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "LG PC Suite" = LG PC Suite "ManyCam" = ManyCam 2.6.30 (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Moo0 VoiceRecorder" = Moo0 VoiceRecorder 1.32 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "9204f5692a8faf3b" = Dell System Detect "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7316 Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7316 Error - 02.06.2013 15:03:58 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 03.06.2013 01:58:46 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 03.06.2013 02:21:36 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 03.06.2013 03:00:21 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 03.06.2013 03:23:05 | Computer Name = userle-PC | Source = Google Update | ID = 20 Description = Error - 03.06.2013 16:10:55 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 04.06.2013 07:19:45 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = Error - 05.06.2013 04:44:49 | Computer Name = userle-PC | Source = STacSV | ID = 268435455 Description = [ System Events ] Error - 20.04.2013 16:25:46 | Computer Name = userle-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 27.04.2013 16:51:06 | Computer Name = userle-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?04.?2013 um 22:45:53 unerwartet heruntergefahren. Error - 09.05.2013 17:09:02 | Computer Name = userle-PC | Source = Tcpip | ID = 4199 Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.1.2 mit dem Computer mit der Netzwerkhardwareadresse 94-44-44-07-DA-4F ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth-Unterstützungsdienst erreicht. Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.06.2013 03:02:15 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = DCOM | ID = 10005 Description = < End of report > |
09.06.2013, 10:50 | #6 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? Hi, sehe schon in der ersten Zeile n Problem, fehlene Windows Updates! otl fix Fixen mit OTL
Code:
ATTFilter :OTL O4 - HKCU..\RunOnce: [D62395553691AD1D0000D622BF38B359] C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe () [2013.06.08 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.06.08 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\D62395553691AD1D0000D622BF38B359 [2013.06.08 21:28:23 | 000,002,048 | ---- | C] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk :files :Commands [emptytemp]
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
__________________ --> System Care Antivirus und SpyHunter 4. wie entfernen? |
09.06.2013, 11:15 | #7 |
| System Care Antivirus und SpyHunter 4. wie entfernen? All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\D62395553691AD1D0000D622BF38B359 deleted successfully. C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe moved successfully. C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully. Folder C:\ProgramData\D62395553691AD1D0000D622BF38B359\ not found. C:\Users\userle\Desktop\System Care Antivirus.lnk moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: userle ->Temp folder emptied: 631753708 bytes ->Temporary Internet Files folder emptied: 244530128 bytes ->Java cache emptied: 23978 bytes ->FireFox cache emptied: 392535419 bytes ->Flash cache emptied: 34255 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 180902 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51735798 bytes RecycleBin emptied: 2974307826 bytes Total Files Cleaned = 4.096,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06092013_120622 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Upload hat funktioniert. Muss ich jetzt noch etwas machen? Oder ist alles entfernt? |
09.06.2013, 11:20 | #8 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? Hi weiter gehts: Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
09.06.2013, 11:35 | #9 |
| System Care Antivirus und SpyHunter 4. wie entfernen? 12:31:46.0396 5784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 12:31:46.0543 5784 ============================================================ 12:31:46.0543 5784 Current date / time: 2013/06/09 12:31:46.0543 12:31:46.0543 5784 SystemInfo: 12:31:46.0543 5784 12:31:46.0543 5784 OS Version: 6.1.7600 ServicePack: 0.0 12:31:46.0543 5784 Product type: Workstation 12:31:46.0543 5784 ComputerName: USERLE-PC 12:31:46.0543 5784 UserName: userle 12:31:46.0543 5784 Windows directory: C:\Windows 12:31:46.0543 5784 System windows directory: C:\Windows 12:31:46.0544 5784 Processor architecture: Intel x86 12:31:46.0544 5784 Number of processors: 2 12:31:46.0544 5784 Page size: 0x1000 12:31:46.0544 5784 Boot type: Normal boot 12:31:46.0544 5784 ============================================================ 12:31:49.0825 5784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:31:49.0826 5784 ============================================================ 12:31:49.0826 5784 \Device\Harddisk0\DR0: 12:31:49.0827 5784 MBR partitions: 12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 12:31:49.0827 5784 ============================================================ 12:31:49.0840 5784 C: <-> \Device\Harddisk0\DR0\Partition2 12:31:49.0841 5784 ============================================================ 12:31:49.0841 5784 Initialize success 12:31:49.0841 5784 ============================================================ 12:32:42.0881 4812 ============================================================ 12:32:42.0881 4812 Scan started 12:32:42.0881 4812 Mode: Manual; SigCheck; TDLFS; 12:32:42.0881 4812 ============================================================ 12:32:54.0722 4812 ================ Scan system memory ======================== 12:32:54.0722 4812 System memory - ok 12:32:54.0722 4812 ================ Scan services ============================= 12:32:55.0493 4812 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 12:32:55.0904 4812 1394ohci - ok 12:32:55.0993 4812 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys 12:32:56.0015 4812 ACPI - ok 12:32:56.0069 4812 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 12:32:56.0242 4812 AcpiPmi - ok 12:32:56.0434 4812 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 12:32:56.0447 4812 AdobeARMservice - ok 12:32:56.0531 4812 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 12:32:56.0547 4812 AdobeFlashPlayerUpdateSvc - ok 12:32:56.0652 4812 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 12:32:56.0674 4812 adp94xx - ok 12:32:56.0816 4812 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 12:32:56.0839 4812 adpahci - ok 12:32:57.0080 4812 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 12:32:57.0095 4812 adpu320 - ok 12:32:57.0303 4812 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 12:32:57.0389 4812 AeLookupSvc - ok 12:32:57.0526 4812 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys 12:32:57.0580 4812 AFD - ok 12:32:57.0634 4812 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 12:32:57.0648 4812 agp440 - ok 12:32:58.0123 4812 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 12:32:58.0191 4812 aic78xx - ok 12:32:58.0356 4812 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 12:32:58.0432 4812 ALG - ok 12:32:58.0552 4812 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 12:32:58.0567 4812 aliide - ok 12:32:58.0642 4812 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 12:32:58.0655 4812 amdagp - ok 12:32:58.0669 4812 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 12:32:58.0681 4812 amdide - ok 12:32:58.0724 4812 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 12:32:58.0750 4812 AmdK8 - ok 12:32:58.0754 4812 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 12:32:58.0805 4812 AmdPPM - ok 12:32:58.0939 4812 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys 12:32:58.0952 4812 amdsata - ok 12:32:59.0047 4812 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 12:32:59.0061 4812 amdsbs - ok 12:32:59.0151 4812 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys 12:32:59.0163 4812 amdxata - ok 12:32:59.0232 4812 [ 39E58CE46F87D039994F20B4295887CC ] AndNetDiag C:\Windows\system32\DRIVERS\lgandnetdiag.sys 12:32:59.0292 4812 AndNetDiag - ok 12:32:59.0311 4812 [ 2D9231585B67DC7432D135F1EA305655 ] ANDNetModem C:\Windows\system32\DRIVERS\lgandnetmodem.sys 12:32:59.0424 4812 ANDNetModem - ok 12:32:59.0630 4812 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 12:32:59.0670 4812 AntiVirSchedulerService - ok 12:32:59.0776 4812 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 12:32:59.0786 4812 AntiVirService - ok 12:32:59.0987 4812 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys 12:33:00.0090 4812 AppID - ok 12:33:00.0179 4812 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 12:33:00.0427 4812 AppIDSvc - ok 12:33:00.0612 4812 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll 12:33:00.0722 4812 Appinfo - ok 12:33:00.0879 4812 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 12:33:00.0889 4812 Apple Mobile Device - ok 12:33:00.0948 4812 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 12:33:01.0045 4812 AppMgmt - ok 12:33:01.0211 4812 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 12:33:01.0224 4812 arc - ok 12:33:01.0246 4812 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 12:33:01.0262 4812 arcsas - ok 12:33:01.0342 4812 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 12:33:01.0375 4812 AsyncMac - ok 12:33:01.0401 4812 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 12:33:01.0414 4812 atapi - ok 12:33:01.0531 4812 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 12:33:01.0618 4812 AudioEndpointBuilder - ok 12:33:01.0653 4812 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll 12:33:01.0693 4812 Audiosrv - ok 12:33:01.0735 4812 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 12:33:01.0788 4812 avgntflt - ok 12:33:01.0868 4812 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 12:33:01.0883 4812 avipbb - ok 12:33:01.0924 4812 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 12:33:01.0935 4812 avkmgr - ok 12:33:02.0050 4812 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll 12:33:02.0159 4812 AxInstSV - ok 12:33:02.0220 4812 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 12:33:02.0354 4812 b06bdrv - ok 12:33:02.0416 4812 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 12:33:02.0443 4812 b57nd60x - ok 12:33:02.0556 4812 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 12:33:02.0670 4812 BDESVC - ok 12:33:02.0842 4812 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 12:33:02.0888 4812 Beep - ok 12:33:02.0998 4812 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll 12:33:03.0077 4812 BFE - ok 12:33:03.0145 4812 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll 12:33:03.0276 4812 BITS - ok 12:33:03.0295 4812 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:33:03.0340 4812 blbdrive - ok 12:33:03.0477 4812 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 12:33:03.0492 4812 Bonjour Service - ok 12:33:03.0556 4812 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:33:03.0617 4812 bowser - ok 12:33:03.0651 4812 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:33:03.0729 4812 BrFiltLo - ok 12:33:03.0734 4812 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:33:03.0810 4812 BrFiltUp - ok 12:33:03.0907 4812 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll 12:33:04.0107 4812 Browser - ok 12:33:04.0237 4812 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:33:04.0380 4812 Brserid - ok 12:33:04.0417 4812 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:33:04.0518 4812 BrSerWdm - ok 12:33:04.0538 4812 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:33:04.0563 4812 BrUsbMdm - ok 12:33:04.0578 4812 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 12:33:04.0616 4812 BrUsbSer - ok 12:33:04.0735 4812 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 12:33:04.0762 4812 BthEnum - ok 12:33:04.0808 4812 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:33:04.0835 4812 BTHMODEM - ok 12:33:04.0890 4812 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 12:33:04.0952 4812 BthPan - ok 12:33:05.0011 4812 [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 12:33:05.0052 4812 BTHPORT - ok 12:33:05.0102 4812 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 12:33:05.0134 4812 bthserv - ok 12:33:05.0172 4812 [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 12:33:05.0254 4812 BTHUSB - ok 12:33:05.0320 4812 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:33:05.0356 4812 cdfs - ok 12:33:05.0424 4812 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:33:05.0483 4812 cdrom - ok 12:33:05.0628 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll 12:33:05.0799 4812 CertPropSvc - ok 12:33:05.0946 4812 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:33:05.0985 4812 circlass - ok 12:33:06.0013 4812 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 12:33:06.0029 4812 CLFS - ok 12:33:06.0254 4812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:33:06.0265 4812 clr_optimization_v2.0.50727_32 - ok 12:33:06.0466 4812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:33:06.0477 4812 clr_optimization_v4.0.30319_32 - ok 12:33:06.0513 4812 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:33:06.0577 4812 CmBatt - ok 12:33:06.0623 4812 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 12:33:06.0636 4812 cmdide - ok 12:33:06.0664 4812 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys 12:33:06.0703 4812 CNG - ok 12:33:06.0800 4812 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:33:06.0812 4812 Compbatt - ok 12:33:06.0905 4812 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 12:33:06.0919 4812 CompositeBus - ok 12:33:06.0937 4812 COMSysApp - ok 12:33:06.0949 4812 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 12:33:06.0960 4812 crcdisk - ok 12:33:07.0046 4812 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:33:07.0227 4812 CryptSvc - ok 12:33:07.0276 4812 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys 12:33:07.0350 4812 CSC - ok 12:33:07.0450 4812 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll 12:33:07.0489 4812 CscService - ok 12:33:07.0580 4812 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll 12:33:07.0635 4812 DcomLaunch - ok 12:33:07.0686 4812 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 12:33:07.0808 4812 defragsvc - ok 12:33:07.0919 4812 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:33:07.0957 4812 DfsC - ok 12:33:08.0078 4812 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll 12:33:08.0213 4812 Dhcp - ok 12:33:08.0247 4812 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 12:33:08.0290 4812 discache - ok 12:33:08.0338 4812 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:33:08.0349 4812 Disk - ok 12:33:08.0450 4812 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:33:08.0563 4812 Dnscache - ok 12:33:08.0604 4812 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll 12:33:08.0645 4812 dot3svc - ok 12:33:08.0658 4812 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll 12:33:08.0728 4812 DPS - ok 12:33:08.0829 4812 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:33:08.0895 4812 drmkaud - ok 12:33:08.0929 4812 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 12:33:08.0942 4812 dtsoftbus01 - ok 12:33:09.0026 4812 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:33:09.0087 4812 DXGKrnl - ok 12:33:09.0185 4812 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 12:33:09.0203 4812 E1G60 - ok 12:33:09.0363 4812 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 12:33:09.0528 4812 EapHost - ok 12:33:09.0655 4812 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 12:33:09.0794 4812 ebdrv - ok 12:33:10.0013 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe 12:33:10.0104 4812 EFS - ok 12:33:10.0218 4812 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:33:10.0324 4812 ehRecvr - ok 12:33:10.0443 4812 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 12:33:10.0504 4812 ehSched - ok 12:33:10.0549 4812 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:33:10.0568 4812 elxstor - ok 12:33:10.0582 4812 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:33:10.0624 4812 ErrDev - ok 12:33:10.0858 4812 [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 12:33:10.0867 4812 esgiguard - ok 12:33:11.0127 4812 [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys 12:33:11.0147 4812 EsgScanner - ok 12:33:11.0257 4812 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 12:33:11.0287 4812 EventSystem - ok 12:33:11.0316 4812 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 12:33:11.0401 4812 exfat - ok 12:33:11.0487 4812 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:33:11.0524 4812 fastfat - ok 12:33:11.0582 4812 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe 12:33:11.0705 4812 Fax - ok 12:33:11.0723 4812 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:33:11.0748 4812 fdc - ok 12:33:11.0752 4812 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 12:33:11.0788 4812 fdPHost - ok 12:33:11.0797 4812 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 12:33:11.0842 4812 FDResPub - ok 12:33:11.0881 4812 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:33:11.0893 4812 FileInfo - ok 12:33:11.0922 4812 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:33:11.0962 4812 Filetrace - ok 12:33:12.0036 4812 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:33:12.0110 4812 flpydisk - ok 12:33:12.0150 4812 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:33:12.0164 4812 FltMgr - ok 12:33:12.0216 4812 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll 12:33:12.0304 4812 FontCache - ok 12:33:12.0470 4812 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:33:12.0480 4812 FontCache3.0.0.0 - ok 12:33:12.0504 4812 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:33:12.0516 4812 FsDepends - ok 12:33:12.0547 4812 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:33:12.0559 4812 Fs_Rec - ok 12:33:12.0598 4812 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:33:12.0614 4812 fvevol - ok 12:33:12.0654 4812 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:33:12.0666 4812 gagp30kx - ok 12:33:12.0702 4812 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 12:33:12.0710 4812 GEARAspiWDM - ok 12:33:12.0749 4812 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll 12:33:12.0812 4812 gpsvc - ok 12:33:12.0956 4812 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 12:33:12.0965 4812 gupdate - ok 12:33:12.0970 4812 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 12:33:12.0981 4812 gupdatem - ok 12:33:13.0074 4812 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:33:13.0125 4812 hcw85cir - ok 12:33:13.0234 4812 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:33:13.0267 4812 HdAudAddService - ok 12:33:13.0349 4812 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:33:13.0383 4812 HDAudBus - ok 12:33:13.0411 4812 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:33:13.0431 4812 HidBatt - ok 12:33:13.0437 4812 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:33:13.0493 4812 HidBth - ok 12:33:13.0527 4812 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:33:13.0554 4812 HidIr - ok 12:33:13.0580 4812 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 12:33:13.0619 4812 hidserv - ok 12:33:13.0643 4812 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:33:13.0669 4812 HidUsb - ok 12:33:13.0731 4812 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:33:13.0771 4812 hkmsvc - ok 12:33:13.0789 4812 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:33:13.0833 4812 HomeGroupListener - ok 12:33:13.0906 4812 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:33:13.0950 4812 HomeGroupProvider - ok 12:33:14.0002 4812 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:33:14.0014 4812 HpSAMD - ok 12:33:14.0059 4812 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:33:14.0145 4812 HTTP - ok 12:33:14.0157 4812 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:33:14.0169 4812 hwpolicy - ok 12:33:14.0227 4812 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:33:14.0294 4812 i8042prt - ok 12:33:14.0358 4812 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:33:14.0375 4812 iaStorV - ok 12:33:14.0504 4812 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:33:14.0543 4812 idsvc - ok 12:33:14.0599 4812 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:33:14.0611 4812 iirsp - ok 12:33:14.0739 4812 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll 12:33:14.0897 4812 IKEEXT - ok 12:33:14.0970 4812 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 12:33:14.0982 4812 intelide - ok 12:33:15.0079 4812 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:33:15.0092 4812 intelppm - ok 12:33:15.0140 4812 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:33:15.0179 4812 IPBusEnum - ok 12:33:15.0207 4812 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:33:15.0264 4812 IpFilterDriver - ok 12:33:15.0413 4812 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:33:15.0568 4812 iphlpsvc - ok 12:33:15.0646 4812 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:33:15.0658 4812 IPMIDRV - ok 12:33:15.0699 4812 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:33:15.0740 4812 IPNAT - ok 12:33:15.0805 4812 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 12:33:15.0823 4812 iPod Service - ok 12:33:15.0894 4812 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:33:15.0910 4812 IRENUM - ok 12:33:15.0996 4812 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:33:16.0008 4812 isapnp - ok 12:33:16.0048 4812 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:33:16.0062 4812 iScsiPrt - ok 12:33:16.0156 4812 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 12:33:16.0168 4812 kbdclass - ok 12:33:16.0548 4812 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 12:33:16.0636 4812 kbdhid - ok 12:33:16.0657 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe 12:33:16.0670 4812 KeyIso - ok 12:33:16.0864 4812 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:33:16.0877 4812 KSecDD - ok 12:33:17.0025 4812 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:33:17.0056 4812 KSecPkg - ok 12:33:17.0122 4812 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 12:33:17.0189 4812 KtmRm - ok 12:33:17.0307 4812 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll 12:33:17.0432 4812 LanmanServer - ok 12:33:17.0471 4812 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:33:17.0503 4812 LanmanWorkstation - ok 12:33:17.0584 4812 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:33:17.0610 4812 lltdio - ok 12:33:17.0702 4812 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:33:17.0770 4812 lltdsvc - ok 12:33:17.0831 4812 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 12:33:17.0872 4812 lmhosts - ok 12:33:18.0062 4812 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:33:18.0075 4812 LSI_FC - ok 12:33:18.0276 4812 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:33:18.0289 4812 LSI_SAS - ok 12:33:18.0307 4812 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:33:18.0319 4812 LSI_SAS2 - ok 12:33:18.0325 4812 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:33:18.0338 4812 LSI_SCSI - ok 12:33:18.0377 4812 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 12:33:18.0426 4812 luafv - ok 12:33:18.0499 4812 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:33:18.0544 4812 Mcx2Svc - ok 12:33:18.0634 4812 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:33:18.0645 4812 megasas - ok 12:33:18.0981 4812 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:33:18.0996 4812 MegaSR - ok 12:33:19.0070 4812 Microsoft SharePoint Workspace Audit Service - ok 12:33:19.0270 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 12:33:19.0297 4812 MMCSS - ok 12:33:19.0361 4812 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 12:33:19.0405 4812 Modem - ok 12:33:19.0450 4812 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:33:19.0599 4812 monitor - ok 12:33:19.0661 4812 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:33:19.0675 4812 mouclass - ok 12:33:19.0749 4812 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:33:19.0769 4812 mouhid - ok 12:33:20.0107 4812 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:33:20.0122 4812 mountmgr - ok 12:33:20.0406 4812 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:33:20.0418 4812 MozillaMaintenance - ok 12:33:20.0633 4812 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys 12:33:20.0660 4812 mpio - ok 12:33:20.0792 4812 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:33:20.0848 4812 mpsdrv - ok 12:33:21.0024 4812 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll 12:33:21.0354 4812 MpsSvc - ok 12:33:21.0380 4812 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:33:21.0404 4812 MRxDAV - ok 12:33:21.0463 4812 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:33:21.0492 4812 mrxsmb - ok 12:33:21.0752 4812 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:33:21.0766 4812 mrxsmb10 - ok 12:33:21.0815 4812 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:33:21.0828 4812 mrxsmb20 - ok 12:33:21.0983 4812 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys 12:33:21.0996 4812 msahci - ok 12:33:22.0034 4812 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:33:22.0067 4812 msdsm - ok 12:33:22.0217 4812 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 12:33:22.0277 4812 MSDTC - ok 12:33:22.0337 4812 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:33:22.0363 4812 Msfs - ok 12:33:22.0458 4812 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:33:22.0628 4812 mshidkmdf - ok 12:33:22.0846 4812 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:33:22.0857 4812 msisadrv - ok 12:33:23.0129 4812 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:33:23.0172 4812 MSiSCSI - ok 12:33:23.0181 4812 msiserver - ok 12:33:23.0328 4812 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:33:24.0153 4812 MSKSSRV - ok 12:33:24.0168 4812 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:33:24.0214 4812 MSPCLOCK - ok 12:33:24.0349 4812 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:33:24.0400 4812 MSPQM - ok 12:33:24.0499 4812 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:33:24.0515 4812 MsRPC - ok 12:33:24.0613 4812 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:33:24.0625 4812 mssmbios - ok 12:33:24.0694 4812 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:33:24.0719 4812 MSTEE - ok 12:33:24.0746 4812 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:33:24.0772 4812 MTConfig - ok 12:33:24.0816 4812 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 12:33:24.0828 4812 Mup - ok 12:33:24.0874 4812 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll 12:33:25.0052 4812 napagent - ok 12:33:25.0499 4812 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:33:25.0523 4812 NativeWifiP - ok 12:33:25.0644 4812 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:33:25.0668 4812 NDIS - ok 12:33:25.0717 4812 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:33:25.0808 4812 NdisCap - ok 12:33:25.0851 4812 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:33:25.0885 4812 NdisTapi - ok 12:33:25.0956 4812 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:33:25.0984 4812 Ndisuio - ok 12:33:26.0097 4812 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:33:26.0130 4812 NdisWan - ok 12:33:26.0238 4812 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:33:26.0270 4812 NDProxy - ok 12:33:26.0407 4812 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:33:26.0446 4812 NetBIOS - ok 12:33:26.0669 4812 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:33:26.0757 4812 NetBT - ok 12:33:26.0980 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe 12:33:26.0993 4812 Netlogon - ok 12:33:27.0496 4812 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 12:33:27.0612 4812 Netman - ok 12:33:27.0746 4812 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 12:33:27.0806 4812 netprofm - ok 12:33:27.0873 4812 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:33:27.0883 4812 NetTcpPortSharing - ok 12:33:27.0979 4812 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 12:33:28.0249 4812 netw5v32 - ok 12:33:28.0635 4812 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:33:28.0649 4812 nfrd960 - ok 12:33:28.0936 4812 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll 12:33:29.0044 4812 NlaSvc - ok 12:33:29.0139 4812 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe 12:33:29.0210 4812 NMSAccess - ok 12:33:29.0321 4812 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:33:29.0362 4812 Npfs - ok 12:33:29.0467 4812 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 12:33:29.0495 4812 nsi - ok 12:33:29.0623 4812 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:33:29.0690 4812 nsiproxy - ok 12:33:29.0827 4812 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:33:29.0884 4812 Ntfs - ok 12:33:29.0962 4812 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 12:33:30.0033 4812 Null - ok 12:33:30.0603 4812 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:33:30.0906 4812 nvlddmkm - ok 12:33:31.0004 4812 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:33:31.0017 4812 nvraid - ok 12:33:31.0219 4812 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:33:31.0236 4812 nvstor - ok 12:33:31.0463 4812 [ B785320CBCF5021DE9945C803696C511 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:33:31.0500 4812 nvsvc - ok 12:33:31.0652 4812 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:33:31.0695 4812 nvUpdatusService - ok 12:33:31.0814 4812 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:33:31.0827 4812 nv_agp - ok 12:33:31.0889 4812 [ 86326062A90494BDD79CE383511D7D69 ] OEM04Vfx C:\Windows\system32\DRIVERS\OEM04Vfx.sys 12:33:31.0908 4812 OEM04Vfx - ok 12:33:32.0099 4812 [ 40E9BFD9F64DFB32C1EAFBAA0576C55D ] OEM04Vid C:\Windows\system32\DRIVERS\OEM04Vid.sys 12:33:32.0121 4812 OEM04Vid - ok 12:33:32.0299 4812 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 12:33:32.0336 4812 ohci1394 - ok 12:33:32.0688 4812 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:33:32.0699 4812 ose - ok 12:33:33.0040 4812 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:33:33.0197 4812 osppsvc - ok 12:33:33.0282 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:33:33.0392 4812 p2pimsvc - ok 12:33:33.0413 4812 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 12:33:33.0431 4812 p2psvc - ok 12:33:33.0471 4812 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 12:33:33.0492 4812 Parport - ok 12:33:33.0600 4812 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:33:33.0612 4812 partmgr - ok 12:33:33.0782 4812 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 12:33:33.0810 4812 Parvdm - ok 12:33:34.0109 4812 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:33:34.0141 4812 PcaSvc - ok 12:33:34.0193 4812 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys 12:33:34.0206 4812 pci - ok 12:33:34.0418 4812 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 12:33:34.0430 4812 pciide - ok 12:33:34.0703 4812 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 12:33:34.0723 4812 pcmcia - ok 12:33:34.0893 4812 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 12:33:34.0906 4812 pcw - ok 12:33:35.0019 4812 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:33:35.0112 4812 PEAUTH - ok 12:33:35.0312 4812 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 12:33:35.0403 4812 PeerDistSvc - ok 12:33:35.0546 4812 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll 12:33:35.0675 4812 pla - ok 12:33:35.0738 4812 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:33:35.0809 4812 PlugPlay - ok 12:33:35.0844 4812 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:33:35.0869 4812 PNRPAutoReg - ok 12:33:35.0904 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:33:35.0919 4812 PNRPsvc - ok 12:33:35.0953 4812 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:33:36.0238 4812 PolicyAgent - ok 12:33:36.0397 4812 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll 12:33:36.0425 4812 Power - ok 12:33:36.0666 4812 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:33:36.0766 4812 PptpMiniport - ok 12:33:36.0912 4812 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 12:33:36.0941 4812 Processor - ok 12:33:37.0271 4812 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll 12:33:37.0356 4812 ProfSvc - ok 12:33:37.0457 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe 12:33:37.0481 4812 ProtectedStorage - ok 12:33:37.0755 4812 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:33:37.0790 4812 Psched - ok 12:33:37.0933 4812 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 12:33:38.0005 4812 ql2300 - ok 12:33:38.0084 4812 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 12:33:38.0096 4812 ql40xx - ok 12:33:38.0141 4812 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 12:33:38.0312 4812 QWAVE - ok 12:33:38.0355 4812 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:33:38.0369 4812 QWAVEdrv - ok 12:33:38.0505 4812 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:33:38.0538 4812 RasAcd - ok 12:33:38.0986 4812 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:33:39.0033 4812 RasAgileVpn - ok 12:33:39.0542 4812 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 12:33:39.0575 4812 RasAuto - ok 12:33:39.0955 4812 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:33:40.0014 4812 Rasl2tp - ok 12:33:40.0327 4812 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll 12:33:40.0362 4812 RasMan - ok 12:33:40.0527 4812 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:33:40.0564 4812 RasPppoe - ok 12:33:40.0662 4812 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:33:40.0688 4812 RasSstp - ok 12:33:41.0221 4812 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:33:41.0311 4812 rdbss - ok 12:33:41.0483 4812 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 12:33:41.0514 4812 rdpbus - ok 12:33:41.0531 4812 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:33:41.0556 4812 RDPCDD - ok 12:33:41.0588 4812 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 12:33:41.0631 4812 RDPDR - ok 12:33:41.0748 4812 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:33:41.0785 4812 RDPENCDD - ok 12:33:41.0957 4812 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 12:33:41.0986 4812 RDPREFMP - ok 12:33:42.0177 4812 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:33:42.0225 4812 RDPWD - ok 12:33:42.0330 4812 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:33:42.0344 4812 rdyboost - ok 12:33:42.0521 4812 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 12:33:42.0556 4812 RemoteAccess - ok 12:33:42.0587 4812 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:33:42.0619 4812 RemoteRegistry - ok 12:33:42.0723 4812 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 12:33:43.0093 4812 RFCOMM - ok 12:33:43.0157 4812 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 12:33:43.0302 4812 rimmptsk - ok 12:33:43.0466 4812 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 12:33:43.0506 4812 rimsptsk - ok 12:33:43.0511 4812 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 12:33:43.0948 4812 rismxdp - ok 12:33:44.0020 4812 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:33:44.0059 4812 RpcEptMapper - ok 12:33:44.0296 4812 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 12:33:44.0317 4812 RpcLocator - ok 12:33:44.0681 4812 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll 12:33:44.0712 4812 RpcSs - ok 12:33:45.0413 4812 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:33:45.0451 4812 rspndr - ok 12:33:45.0608 4812 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 12:33:45.0640 4812 s3cap - ok 12:33:45.0757 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe 12:33:45.0770 4812 SamSs - ok 12:33:45.0859 4812 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:33:45.0871 4812 sbp2port - ok 12:33:45.0950 4812 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:33:45.0990 4812 SCardSvr - ok 12:33:46.0178 4812 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:33:46.0212 4812 scfilter - ok 12:33:46.0294 4812 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll 12:33:46.0560 4812 Schedule - ok 12:33:46.0640 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:33:46.0669 4812 SCPolicySvc - ok 12:33:46.0706 4812 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\drivers\sdbus.sys 12:33:46.0731 4812 sdbus - ok 12:33:47.0120 4812 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:33:47.0211 4812 SDRSVC - ok 12:33:47.0265 4812 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:33:47.0304 4812 secdrv - ok 12:33:47.0457 4812 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 12:33:47.0671 4812 seclogon - ok 12:33:47.0754 4812 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 12:33:47.0836 4812 SENS - ok 12:33:48.0080 4812 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:33:48.0118 4812 SensrSvc - ok 12:33:48.0194 4812 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 12:33:48.0207 4812 Serenum - ok 12:33:48.0255 4812 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 12:33:48.0269 4812 Serial - ok 12:33:48.0666 4812 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 12:33:48.0687 4812 sermouse - ok 12:33:49.0140 4812 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll 12:33:49.0179 4812 SessionEnv - ok 12:33:49.0408 4812 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 12:33:49.0655 4812 sffdisk - ok 12:33:49.0722 4812 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:33:49.0749 4812 sffp_mmc - ok 12:33:50.0023 4812 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 12:33:50.0442 4812 sffp_sd - ok 12:33:50.0461 4812 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 12:33:50.0503 4812 sfloppy - ok 12:33:50.0537 4812 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:33:50.0566 4812 SharedAccess - ok 12:33:51.0459 4812 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:33:51.0537 4812 ShellHWDetection - ok 12:33:51.0720 4812 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 12:33:51.0733 4812 sisagp - ok 12:33:52.0173 4812 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 12:33:52.0185 4812 SiSRaid2 - ok 12:33:52.0220 4812 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 12:33:52.0236 4812 SiSRaid4 - ok 12:33:52.0639 4812 [ 2F5AF9D91D51E832773D4A9EAF65CB33 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 12:33:52.0650 4812 SkypeUpdate - ok 12:33:52.0795 4812 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:33:52.0846 4812 Smb - ok 12:33:53.0037 4812 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:33:53.0099 4812 SNMPTRAP - ok 12:33:53.0337 4812 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 12:33:53.0418 4812 spldr - ok 12:33:53.0651 4812 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe 12:33:53.0709 4812 Spooler - ok 12:33:53.0832 4812 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe 12:33:53.0932 4812 sppsvc - ok 12:33:54.0016 4812 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll 12:33:54.0054 4812 sppuinotify - ok 12:33:54.0195 4812 [ 85CD5B92052C3D285CC91244C593A1AC ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 12:33:54.0229 4812 SpyHunter 4 Service - ok 12:33:54.0263 4812 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:33:54.0323 4812 srv - ok 12:33:54.0414 4812 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:33:54.0456 4812 srv2 - ok 12:33:54.0516 4812 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:33:54.0541 4812 srvnet - ok 12:33:54.0613 4812 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:33:54.0921 4812 SSDPSRV - ok 12:33:54.0959 4812 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 12:33:54.0968 4812 ssmdrv - ok 12:33:55.0094 4812 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:33:55.0122 4812 SstpSvc - ok 12:33:55.0464 4812 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe 12:33:55.0492 4812 STacSV - ok 12:33:55.0613 4812 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 12:33:55.0631 4812 StarOpen ( UnsignedFile.Multi.Generic ) - warning 12:33:55.0631 4812 StarOpen - detected UnsignedFile.Multi.Generic (1) 12:33:55.0675 4812 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:33:55.0691 4812 Stereo Service - ok 12:33:55.0718 4812 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 12:33:55.0730 4812 stexstor - ok 12:33:55.0792 4812 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\Windows\system32\drivers\sthda.sys 12:33:56.0139 4812 STHDA - ok 12:33:56.0413 4812 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll 12:33:56.0473 4812 StiSvc - ok 12:33:56.0496 4812 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\drivers\vmstorfl.sys 12:33:56.0508 4812 storflt - ok 12:33:56.0548 4812 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\drivers\storvsc.sys 12:33:56.0561 4812 storvsc - ok 12:33:56.0710 4812 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 12:33:56.0722 4812 swenum - ok 12:33:56.0924 4812 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 12:33:56.0986 4812 swprv - ok 12:33:57.0178 4812 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll 12:33:57.0229 4812 SysMain - ok 12:33:57.0368 4812 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:33:57.0462 4812 TabletInputService - ok 12:33:57.0519 4812 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll 12:33:57.0556 4812 TapiSrv - ok 12:33:57.0709 4812 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 12:33:57.0755 4812 TBS - ok 12:33:57.0846 4812 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:33:57.0901 4812 Tcpip - ok 12:33:58.0080 4812 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:33:58.0109 4812 TCPIP6 - ok 12:33:58.0142 4812 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:33:58.0219 4812 tcpipreg - ok 12:33:58.0284 4812 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 12:33:58.0331 4812 TDPIPE - ok 12:33:58.0528 4812 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:33:58.0576 4812 TDTCP - ok 12:33:58.0636 4812 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:33:58.0662 4812 tdx - ok 12:33:58.0734 4812 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\drivers\termdd.sys 12:33:58.0746 4812 TermDD - ok 12:33:58.0785 4812 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll 12:33:58.0934 4812 TermService - ok 12:33:59.0147 4812 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 12:33:59.0163 4812 Themes - ok 12:33:59.0181 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 12:33:59.0208 4812 THREADORDER - ok 12:33:59.0527 4812 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 12:33:59.0696 4812 TrkWks - ok 12:33:59.0760 4812 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:33:59.0776 4812 TrustedInstaller - ok 12:33:59.0811 4812 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:33:59.0837 4812 tssecsrv - ok 12:34:00.0018 4812 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:34:00.0044 4812 tunnel - ok 12:34:00.0151 4812 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 12:34:00.0164 4812 uagp35 - ok 12:34:00.0179 4812 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:34:00.0221 4812 udfs - ok 12:34:00.0367 4812 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:34:00.0396 4812 UI0Detect - ok 12:34:00.0686 4812 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:34:00.0698 4812 uliagpkx - ok 12:34:00.0756 4812 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\drivers\umbus.sys 12:34:00.0781 4812 umbus - ok 12:34:00.0991 4812 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 12:34:01.0025 4812 UmPass - ok 12:34:01.0356 4812 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll 12:34:01.0423 4812 UmRdpService - ok 12:34:01.0623 4812 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 12:34:01.0667 4812 upnphost - ok 12:34:01.0885 4812 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 12:34:01.0910 4812 USBAAPL - ok 12:34:02.0269 4812 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys 12:34:02.0308 4812 usbbus - ok 12:34:02.0437 4812 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:34:02.0451 4812 usbccgp - ok 12:34:02.0726 4812 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:34:02.0740 4812 usbcir - ok 12:34:02.0965 4812 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys 12:34:02.0985 4812 UsbDiag - ok 12:34:03.0134 4812 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\drivers\usbehci.sys 12:34:03.0171 4812 usbehci - ok 12:34:03.0358 4812 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\drivers\usbhub.sys 12:34:03.0968 4812 usbhub - ok 12:34:04.0128 4812 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys 12:34:04.0152 4812 USBModem - ok 12:34:04.0186 4812 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys 12:34:04.0214 4812 usbohci - ok 12:34:04.0523 4812 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 12:34:04.0616 4812 usbprint - ok 12:34:04.0809 4812 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:34:04.0859 4812 USBSTOR - ok 12:34:05.0046 4812 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 12:34:05.0084 4812 usbuhci - ok 12:34:05.0225 4812 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 12:34:05.0262 4812 usbvideo - ok 12:34:05.0440 4812 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 12:34:05.0476 4812 UxSms - ok 12:34:05.0634 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe 12:34:05.0792 4812 VaultSvc - ok 12:34:05.0989 4812 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 12:34:06.0002 4812 vdrvroot - ok 12:34:06.0792 4812 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe 12:34:07.0024 4812 vds - ok 12:34:07.0174 4812 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:34:07.0326 4812 vga - ok 12:34:07.0574 4812 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 12:34:07.0601 4812 VgaSave - ok 12:34:07.0959 4812 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 12:34:07.0973 4812 vhdmp - ok 12:34:08.0013 4812 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:34:08.0025 4812 viaagp - ok 12:34:08.0502 4812 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 12:34:08.0732 4812 ViaC7 - ok 12:34:08.0757 4812 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 12:34:08.0769 4812 viaide - ok 12:34:08.0948 4812 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\drivers\vmbus.sys 12:34:08.0962 4812 vmbus - ok 12:34:08.0990 4812 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 12:34:09.0017 4812 VMBusHID - ok 12:34:09.0276 4812 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:34:09.0294 4812 volmgr - ok 12:34:09.0440 4812 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:34:09.0457 4812 volmgrx - ok 12:34:09.0812 4812 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:34:09.0827 4812 volsnap - ok 12:34:09.0874 4812 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 12:34:09.0888 4812 vsmraid - ok 12:34:10.0059 4812 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe 12:34:10.0254 4812 VSS - ok 12:34:10.0264 4812 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 12:34:10.0291 4812 vwifibus - ok 12:34:10.0715 4812 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 12:34:10.0781 4812 W32Time - ok 12:34:11.0146 4812 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 12:34:11.0159 4812 WacomPen - ok 12:34:11.0194 4812 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 12:34:11.0220 4812 WANARP - ok 12:34:11.0229 4812 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:34:11.0264 4812 Wanarpv6 - ok 12:34:11.0371 4812 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe 12:34:11.0452 4812 wbengine - ok 12:34:11.0487 4812 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 12:34:11.0516 4812 WbioSrvc - ok 12:34:11.0541 4812 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:34:11.0588 4812 wcncsvc - ok 12:34:11.0631 4812 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:34:11.0666 4812 WcsPlugInService - ok 12:34:11.0789 4812 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 12:34:11.0804 4812 Wd - ok 12:34:11.0916 4812 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:34:11.0939 4812 Wdf01000 - ok 12:34:12.0124 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:34:12.0157 4812 WdiServiceHost - ok 12:34:12.0160 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:34:12.0177 4812 WdiSystemHost - ok 12:34:12.0437 4812 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll 12:34:12.0499 4812 WebClient - ok 12:34:12.0727 4812 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:34:12.0755 4812 Wecsvc - ok 12:34:12.0836 4812 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:34:12.0881 4812 wercplsupport - ok 12:34:12.0943 4812 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 12:34:12.0976 4812 WerSvc - ok 12:34:13.0281 4812 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 12:34:13.0308 4812 WfpLwf - ok 12:34:13.0473 4812 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 12:34:13.0485 4812 WIMMount - ok 12:34:13.0559 4812 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:34:13.0585 4812 WinDefend - ok 12:34:13.0594 4812 WinHttpAutoProxySvc - ok 12:34:13.0954 4812 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:34:13.0996 4812 Winmgmt - ok 12:34:14.0277 4812 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll 12:34:14.0345 4812 WinRM - ok 12:34:14.0711 4812 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 12:34:14.0725 4812 WinUsb - ok 12:34:15.0130 4812 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:34:15.0294 4812 Wlansvc - ok 12:34:15.0379 4812 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 12:34:15.0402 4812 WmiAcpi - ok 12:34:15.0646 4812 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:34:15.0675 4812 wmiApSrv - ok 12:34:15.0942 4812 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:34:16.0528 4812 WMPNetworkSvc - ok 12:34:16.0613 4812 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:34:16.0768 4812 WPCSvc - ok 12:34:16.0821 4812 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:34:16.0859 4812 WPDBusEnum - ok 12:34:17.0062 4812 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:34:17.0229 4812 ws2ifsl - ok 12:34:17.0561 4812 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll 12:34:17.0575 4812 wscsvc - ok 12:34:17.0579 4812 WSearch - ok 12:34:17.0824 4812 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 12:34:17.0897 4812 wuauserv - ok 12:34:18.0056 4812 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:34:18.0082 4812 WudfPf - ok 12:34:18.0238 4812 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:34:18.0252 4812 WUDFRd - ok 12:34:18.0917 4812 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:34:18.0939 4812 wudfsvc - ok 12:34:19.0159 4812 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 12:34:19.0194 4812 WwanSvc - ok 12:34:19.0399 4812 ================ Scan global =============================== 12:34:19.0436 4812 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll 12:34:19.0486 4812 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll 12:34:19.0494 4812 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll 12:34:19.0676 4812 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 12:34:19.0712 4812 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 12:34:19.0716 4812 [Global] - ok 12:34:19.0716 4812 ================ Scan MBR ================================== 12:34:20.0157 4812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 12:34:21.0099 4812 \Device\Harddisk0\DR0 - ok 12:34:21.0099 4812 ================ Scan VBR ================================== 12:34:21.0603 4812 [ C18BB8C9C6DFBAAC45D655A0CB759562 ] \Device\Harddisk0\DR0\Partition1 12:34:21.0604 4812 \Device\Harddisk0\DR0\Partition1 - ok 12:34:21.0622 4812 [ B7F5022BCF5251BFF9146270A71377B4 ] \Device\Harddisk0\DR0\Partition2 12:34:21.0626 4812 \Device\Harddisk0\DR0\Partition2 - ok 12:34:21.0626 4812 ============================================================ 12:34:21.0627 4812 Scan finished 12:34:21.0627 4812 ============================================================ 12:34:21.0640 5272 Detected object count: 1 12:34:21.0640 5272 Actual detected object count: 1 12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
09.06.2013, 11:49 | #10 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
09.06.2013, 11:55 | #11 |
| System Care Antivirus und SpyHunter 4. wie entfernen? Combofix meldet das Avira Desktop noch läuft. Habe den Avira EchtZeit Scanner aber beendet Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - userle 09.06.2013 12:57:48.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3582.2068 [GMT 2:00] ausgeführt von:: c:\users\userle\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-09 bis 2013-06-09 )))))))))))))))))))))))))))))) . . 2013-06-09 11:03 . 2013-06-09 11:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-09 11:03 . 2013-06-09 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-09 10:06 . 2013-06-09 10:13 -------- d-----w- C:\_OTL 2013-06-08 22:39 . 2013-06-08 22:39 110080 ----a-r- c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe 2013-06-08 22:39 . 2013-06-08 22:39 110080 ----a-r- c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconD7F16134.exe 2013-06-08 22:39 . 2013-06-08 22:39 110080 ----a-r- c:\users\userle\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconCF33A0CE.exe 2013-06-08 22:39 . 2013-06-08 22:40 -------- d-----w- C:\sh4ldr 2013-06-08 22:39 . 2013-06-08 22:39 -------- d-----w- c:\program files\Enigma Software Group 2013-06-08 22:38 . 2013-06-08 22:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-06-08 14:35 . 2013-06-09 10:06 -------- d-----w- c:\programdata\D62395553691AD1D0000D622BF38B359 2013-06-08 14:33 . 2013-06-08 14:33 -------- d-----w- c:\windows\Sun 2013-06-02 21:19 . 2013-06-02 21:19 -------- d-----w- c:\program files\avisplit 2013-06-01 12:10 . 2012-10-17 14:37 397312 ----a-w- c:\windows\system32\TubeFinder.exe 2013-06-01 12:10 . 2013-06-01 12:10 -------- d-----w- c:\users\userle\AppData\Roaming\FreeFLVConverter 2013-06-01 12:10 . 2011-09-28 07:18 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL 2013-06-01 12:10 . 2011-09-28 07:18 84512 ----a-w- c:\windows\system32\PICCLP32.OCX 2013-06-01 12:10 . 2011-09-28 07:18 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx 2013-06-01 12:10 . 2011-09-28 07:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL 2013-06-01 12:10 . 2011-09-28 07:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx 2013-06-01 12:10 . 2011-09-28 07:18 152848 ----a-w- c:\windows\system32\COMDLG32.OCX 2013-06-01 12:10 . 2011-09-28 07:18 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL 2013-06-01 12:10 . 2011-09-28 07:18 119568 ----a-w- c:\windows\system32\VB6FR.DLL 2013-06-01 12:10 . 2011-09-28 07:18 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2013-06-01 12:09 . 2013-06-01 12:10 -------- d-----w- c:\program files\Free FLV Converter 2013-05-17 11:40 . 2013-05-17 11:40 -------- d-----w- c:\program files\StreamTransport 2013-05-17 11:40 . 2009-10-27 17:31 3982240 ----a-w- c:\windows\system32\Flash10d.ocx 2013-05-16 12:17 . 2013-05-16 14:04 -------- d-----w- c:\program files\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 12:40 . 2013-02-17 21:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-16 12:40 . 2013-02-17 21:58 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-06 10:49 . 2013-05-06 10:49 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-04-02 13:38 . 2013-04-02 13:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-02 13:38 . 2013-04-02 13:38 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-02 13:38 . 2013-04-02 13:38 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-25 15:20 . 2013-02-17 19:37 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-25 15:20 . 2013-02-17 19:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-25 15:20 . 2013-02-17 19:37 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:49 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-09 18678376] "ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040] "Spotify Web Helper"="c:\users\userle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408] "Spotify"="c:\users\userle\AppData\Roaming\Spotify\Spotify.exe" [2013-05-03 4573184] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] "Facebook Update"="c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-24 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-06-11 36864] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2012-07-03 23040] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2012-07-03 27776] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-05-06 13904] R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 37352] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-03-25 86752] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-17 242240] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 7424] S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-10-11 234720] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 87246055 *Deregistered* - 87246055 . Inhalt des "geplante Tasks" Ordners . 2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-17 12:40] . 2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job - c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-24 13:18] . 2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job - c:\users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-24 13:18] . 2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 12:29] . 2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-03-31 12:29] . 2013-06-09 c:\windows\Tasks\SlimDrivers Startup.job - c:\program files\SlimDrivers\SlimDrivers.exe [2013-02-08 13:15] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\userle\AppData\Roaming\Mozilla\Firefox\Profiles\volklsg0.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-09 13:05:27 ComboFix-quarantined-files.txt 2013-06-09 11:05 . Vor Suchlauf: 14 Verzeichnis(se), 221.590.601.728 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 221.262.155.776 Bytes frei . - - End Of File - - 77754A060ED049B85147A6A701EE72A3 A36C5E4F47E84449FF07ED3517B43A31 muss ich jetzt noch etwas machen? ist die Reinigung abgeschlossen? |
09.06.2013, 18:16 | #12 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
09.06.2013, 20:55 | #13 |
| System Care Antivirus und SpyHunter 4. wie entfernen? Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.09.04 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 userle :: USERLE-PC [Administrator] 09.06.2013 20:37:50 mbam-log-2013-06-09 (20-37-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 383595 Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Program Files\AIDA\Keymaker-ZWT.rar (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\AIDA\Keymaker-ZWT\keygen.exe (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Microsoft Office\BIE\os_x64\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Microsoft Office\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles.zip (Trojan.Agent.SG) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\06092013_120622\C_ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe (Trojan.Agent.SG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
09.06.2013, 21:32 | #14 |
/// Malware-holic | System Care Antivirus und SpyHunter 4. wie entfernen? C:\Program Files\AIDA\Keymaker-ZWT\keygen.exe (Backdoor.RBot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Microsoft Office\BIE\os_x64\bie_o10install64.exe (Hacktool.Keygen.KMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Microsoft Office\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. http://www.trojaner-board.de/95393-c...-software.html deswegen gibts hier nur Hilfe beim neu aufsetzen. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu System Care Antivirus und SpyHunter 4. wie entfernen? |
antivirus, arten, backdoor.rbot, beim starten, brauche, entferne, entfernen, erkannt, festgestellt, gesucht, hacktool.keygen.kms, malware, programm, spyhunter, spyhunter entfernen, starte, starten, system care, system care antivirus backdoor spyware, tablet, trojan.agent.ck, trojan.agent.sg, trojaner, video, wie entfernen, wie entfernen?, youtube |