|
Pests of all kinds and how to fight them: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, TR/Sirefef.A.12 (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
26.07.2013, 19:51 | #1 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, help, I have a big problem. My PC is a Medion MD 8880 with Windows 7 and Avira Free Antivirus. Avira reports: Scan: '2' viruses or unwanted programs were found, 19.7.2013 17.18. Further scans from 19.7. to 21.7. showed 1 or 2 viruses. The 2 viruses were TR/ATRAPS.Gen and TR/ATRAPS.Gen2. From 20.7. at 12.01 it was TR/Sirefef.A.12. On 21.7. I did a system restore to 13.7. After the restart, the Windows window with the text -Preparing your desktop- appeared. What I then saw was not the desktop I know. The "Sticky Notes" gadget could not be restored: all appointments gone. At some point this message appeared: You have been logged on with a temporary profile. You cannot access your files, and files created in this profile will be deleted when you log off. To fix this, log off and try logging on again later. Read the- Then there was also the message: C:/Recycle Bin is corrupted. Do you want to empty the Recycle Bin for this drive? I disconnected the PC from the network and switched it off. I needed a few days of rest first. Today I did another system restore, to 19.7., to see what would happen. Nothing works properly any more. In Word this message appears: Office Starter must be repaired. Would you like instructions for repairing Office Starter? I answered each of these messages with no. Windows Mail cannot be opened. I cannot download the defogger and otl files to my computer. The download does not start. I hope you can help me. Kind regards, marha |
26.07.2013, 20:16 | #2 |
/// the machine /// TB Instructor | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 hi,
Please download TDSSKiller.exe and save the file to your desktop
__________________ |
27.07.2013, 15:04 | #3 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello,
I cannot download the file TDSSKiller.exe from the internet via your site. I clicked the download button, but the download did not start. I tried several times with the same negative result. The same happened with the defogger and otl downloads, as already mentioned in my problem description. Should I download the program onto a USB stick on a second computer and then run it on the defective computer? Regards, marha |
27.07.2013, 18:07 | #4 |
/// the machine /// TB Instructor | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Please download it from another computer.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.07.2013, 15:17 | #5 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, have a nice Sunday! I plugged in the stick and clicked on the ZIP folder tdsskiller. It contains two files -eula -TDSSKiller -Application- I clicked on TDSSKiller -Application- and the following window appears: Compressed (zipped) Folders -Error The extraction operation cannot be completed. The destination file could not be created. Regards, marha Hello, I extracted the file on the second computer and then tried it on the defective computer. Here is the log file:
nvstor - ok 16:03:17.0358 1976 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:03:17.0374 1976 nv_agp - ok 16:03:17.0389 1976 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:03:17.0436 1976 ohci1394 - ok 16:03:17.0467 1976 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:03:17.0499 1976 ose - ok 16:03:17.0592 1976 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:03:17.0795 1976 osppsvc - ok 16:03:17.0826 1976 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:03:17.0857 1976 p2pimsvc - ok 16:03:17.0889 1976 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:03:17.0935 1976 p2psvc - ok 16:03:17.0951 1976 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:03:17.0982 1976 Parport - ok 16:03:17.0998 1976 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:03:18.0013 1976 partmgr - ok 16:03:18.0013 1976 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 16:03:18.0045 1976 Parvdm - ok 16:03:18.0060 1976 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:03:18.0091 1976 PcaSvc - ok 16:03:18.0091 1976 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 16:03:18.0107 1976 pci - ok 16:03:18.0107 1976 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 16:03:18.0123 1976 pciide - ok 16:03:18.0138 1976 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:03:18.0169 1976 pcmcia - ok 16:03:18.0232 1976 [ 1D012E9760820E0133EB0EC9060F7DBF ] PCSUService C:\Program Files\PC Speed Up\PCSUService.exe 16:03:18.0279 1976 PCSUService - ok 16:03:18.0294 1976 [ 
250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 16:03:18.0310 1976 pcw - ok 16:03:18.0325 1976 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:03:18.0372 1976 PEAUTH - ok 16:03:18.0435 1976 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 16:03:18.0513 1976 pla - ok 16:03:18.0544 1976 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:03:18.0606 1976 PlugPlay - ok 16:03:18.0669 1976 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe 16:03:18.0762 1976 PMBDeviceInfoProvider - ok 16:03:18.0762 1976 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:03:18.0778 1976 PNRPAutoReg - ok 16:03:18.0793 1976 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:03:18.0809 1976 PNRPsvc - ok 16:03:18.0825 1976 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:03:18.0871 1976 PolicyAgent - ok 16:03:18.0903 1976 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 16:03:18.0934 1976 Power - ok 16:03:18.0949 1976 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:03:18.0996 1976 PptpMiniport - ok 16:03:19.0027 1976 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:03:19.0043 1976 Processor - ok 16:03:19.0074 1976 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 16:03:19.0121 1976 ProfSvc - ok 16:03:19.0121 1976 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:03:19.0137 1976 ProtectedStorage - ok 16:03:19.0152 1976 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:03:19.0183 1976 Psched - ok 16:03:19.0199 1976 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License 
Service\PsiService_2.exe 16:03:19.0215 1976 PSI_SVC_2 - ok 16:03:19.0261 1976 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:03:19.0324 1976 ql2300 - ok 16:03:19.0324 1976 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:03:19.0339 1976 ql40xx - ok 16:03:19.0355 1976 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:03:19.0386 1976 QWAVE - ok 16:03:19.0386 1976 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:03:19.0417 1976 QWAVEdrv - ok 16:03:19.0417 1976 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:03:19.0449 1976 RasAcd - ok 16:03:19.0480 1976 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:03:19.0495 1976 RasAgileVpn - ok 16:03:19.0511 1976 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 16:03:19.0558 1976 RasAuto - ok 16:03:19.0589 1976 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:03:19.0620 1976 Rasl2tp - ok 16:03:19.0667 1976 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 16:03:19.0776 1976 RasMan - ok 16:03:19.0792 1976 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:03:19.0823 1976 RasPppoe - ok 16:03:19.0854 1976 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:03:19.0885 1976 RasSstp - ok 16:03:19.0901 1976 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:03:19.0932 1976 rdbss - ok 16:03:19.0948 1976 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:03:19.0963 1976 rdpbus - ok 16:03:19.0995 1976 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:03:20.0026 1976 RDPCDD - ok 16:03:20.0057 1976 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD 
C:\Windows\system32\drivers\rdpencdd.sys 16:03:20.0073 1976 RDPENCDD - ok 16:03:20.0088 1976 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:03:20.0104 1976 RDPREFMP - ok 16:03:20.0166 1976 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:03:20.0197 1976 RdpVideoMiniport - ok 16:03:20.0229 1976 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:03:20.0260 1976 RDPWD - ok 16:03:20.0291 1976 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:03:20.0322 1976 rdyboost - ok 16:03:20.0338 1976 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 16:03:20.0400 1976 RemoteAccess - ok 16:03:20.0431 1976 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:03:20.0509 1976 RemoteRegistry - ok 16:03:20.0525 1976 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:03:20.0556 1976 RpcEptMapper - ok 16:03:20.0572 1976 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 16:03:20.0587 1976 RpcLocator - ok 16:03:20.0619 1976 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 16:03:20.0650 1976 RpcSs - ok 16:03:20.0665 1976 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:03:20.0697 1976 rspndr - ok 16:03:20.0728 1976 [ 0516998076AD894AE7E362C3110AA071 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 16:03:20.0743 1976 RTL8167 - ok 16:03:20.0775 1976 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 16:03:20.0821 1976 RTL8192su - ok 16:03:20.0837 1976 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 16:03:20.0853 1976 SamSs - ok 16:03:20.0868 1976 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:03:20.0899 1976 sbp2port - ok 
16:03:20.0899 1976 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:03:20.0946 1976 SCardSvr - ok 16:03:20.0962 1976 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:03:20.0993 1976 scfilter - ok 16:03:21.0009 1976 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 16:03:21.0071 1976 Schedule - ok 16:03:21.0102 1976 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:03:21.0118 1976 SCPolicySvc - ok 16:03:21.0149 1976 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:03:21.0196 1976 SDRSVC - ok 16:03:21.0243 1976 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 16:03:21.0289 1976 SeaPort - ok 16:03:21.0305 1976 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:03:21.0352 1976 secdrv - ok 16:03:21.0367 1976 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 16:03:21.0399 1976 seclogon - ok 16:03:21.0414 1976 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 16:03:21.0461 1976 SENS - ok 16:03:21.0461 1976 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:03:21.0539 1976 SensrSvc - ok 16:03:21.0570 1976 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:03:21.0617 1976 Serenum - ok 16:03:21.0633 1976 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:03:21.0679 1976 Serial - ok 16:03:21.0711 1976 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:03:21.0742 1976 sermouse - ok 16:03:21.0789 1976 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 16:03:21.0851 1976 SessionEnv - ok 16:03:21.0882 1976 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 
16:03:21.0929 1976 sffdisk - ok 16:03:21.0945 1976 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:03:21.0976 1976 sffp_mmc - ok 16:03:21.0991 1976 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:03:22.0023 1976 sffp_sd - ok 16:03:22.0038 1976 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:03:22.0069 1976 sfloppy - ok 16:03:22.0101 1976 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 16:03:22.0147 1976 Sftfs - ok 16:03:22.0179 1976 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 16:03:22.0210 1976 sftlist - ok 16:03:22.0225 1976 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 16:03:22.0241 1976 Sftplay - ok 16:03:22.0257 1976 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 16:03:22.0257 1976 Sftredir - ok 16:03:22.0272 1976 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 16:03:22.0288 1976 Sftvol - ok 16:03:22.0303 1976 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 16:03:22.0319 1976 sftvsa - ok 16:03:22.0350 1976 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:03:22.0381 1976 SharedAccess - ok 16:03:22.0397 1976 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:03:22.0444 1976 ShellHWDetection - ok 16:03:22.0475 1976 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:03:22.0491 1976 sisagp - ok 16:03:22.0506 1976 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:03:22.0522 1976 SiSRaid2 - ok 16:03:22.0537 1976 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:03:22.0553 
1976 SiSRaid4 - ok 16:03:22.0569 1976 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:03:22.0615 1976 Smb - ok 16:03:22.0647 1976 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:03:22.0662 1976 SNMPTRAP - ok 16:03:22.0678 1976 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 16:03:22.0693 1976 spldr - ok 16:03:22.0740 1976 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 16:03:22.0787 1976 Spooler - ok 16:03:22.0865 1976 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 16:03:22.0990 1976 sppsvc - ok 16:03:23.0005 1976 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:03:23.0052 1976 sppuinotify - ok 16:03:23.0083 1976 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:03:23.0146 1976 srv - ok 16:03:23.0177 1976 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:03:23.0208 1976 srv2 - ok 16:03:23.0239 1976 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:03:23.0271 1976 srvnet - ok 16:03:23.0286 1976 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:03:23.0333 1976 SSDPSRV - ok 16:03:23.0364 1976 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 16:03:23.0380 1976 ssmdrv - ok 16:03:23.0395 1976 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:03:23.0442 1976 SstpSvc - ok 16:03:23.0458 1976 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 16:03:23.0473 1976 ss_bbus - ok 16:03:23.0505 1976 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 16:03:23.0536 1976 ss_bmdfl - ok 16:03:23.0551 1976 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 16:03:23.0583 1976 ss_bmdm - ok 16:03:23.0598 1976 
[ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:03:23.0614 1976 stexstor - ok 16:03:23.0645 1976 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 16:03:23.0707 1976 StiSvc - ok 16:03:23.0739 1976 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 16:03:23.0754 1976 swenum - ok 16:03:23.0770 1976 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 16:03:23.0832 1976 swprv - ok 16:03:23.0895 1976 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 16:03:23.0941 1976 SysMain - ok 16:03:23.0957 1976 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:03:23.0988 1976 TabletInputService - ok 16:03:24.0019 1976 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 16:03:24.0066 1976 TapiSrv - ok 16:03:24.0066 1976 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 16:03:24.0097 1976 TBS - ok 16:03:24.0129 1976 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:03:24.0207 1976 Tcpip - ok 16:03:24.0222 1976 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:03:24.0253 1976 TCPIP6 - ok 16:03:24.0285 1976 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:03:24.0316 1976 tcpipreg - ok 16:03:24.0331 1976 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:03:24.0363 1976 TDPIPE - ok 16:03:24.0394 1976 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:03:24.0394 1976 TDTCP - ok 16:03:24.0409 1976 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:03:24.0441 1976 tdx - ok 16:03:24.0456 1976 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:03:24.0472 1976 TermDD - ok 16:03:24.0503 1976 [ 
382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 16:03:24.0581 1976 TermService - ok 16:03:24.0597 1976 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 16:03:24.0612 1976 Themes - ok 16:03:24.0628 1976 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 16:03:24.0643 1976 THREADORDER - ok 16:03:24.0706 1976 [ 0765EE4A7A0D6609BF91CA2E4700E885 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 16:03:24.0737 1976 TomTomHOMEService - ok 16:03:24.0737 1976 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 16:03:24.0799 1976 TrkWks - ok 16:03:24.0846 1976 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:03:24.0893 1976 TrustedInstaller - ok 16:03:24.0893 1976 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:03:24.0924 1976 tssecsrv - ok 16:03:24.0971 1976 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:03:25.0018 1976 TsUsbFlt - ok 16:03:25.0049 1976 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:03:25.0096 1976 tunnel - ok 16:03:25.0111 1976 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:03:25.0127 1976 uagp35 - ok 16:03:25.0158 1976 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:03:25.0205 1976 udfs - ok 16:03:25.0221 1976 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:03:25.0236 1976 UI0Detect - ok 16:03:25.0252 1976 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:03:25.0267 1976 uliagpkx - ok 16:03:25.0283 1976 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 16:03:25.0299 1976 umbus - ok 16:03:25.0330 1976 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass 
C:\Windows\system32\DRIVERS\umpass.sys 16:03:25.0361 1976 UmPass - ok 16:03:25.0377 1976 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 16:03:25.0439 1976 upnphost - ok 16:03:25.0470 1976 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 16:03:25.0517 1976 usbccgp - ok 16:03:25.0548 1976 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:03:25.0579 1976 usbcir - ok 16:03:25.0611 1976 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:03:25.0626 1976 usbehci - ok 16:03:25.0657 1976 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:03:25.0689 1976 usbhub - ok 16:03:25.0704 1976 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:03:25.0720 1976 usbohci - ok 16:03:25.0735 1976 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:03:25.0767 1976 usbprint - ok 16:03:25.0798 1976 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:03:25.0829 1976 usbscan - ok 16:03:25.0845 1976 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:03:25.0891 1976 USBSTOR - ok 16:03:25.0907 1976 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:03:25.0938 1976 usbuhci - ok 16:03:25.0969 1976 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 16:03:26.0032 1976 UxSms - ok 16:03:26.0032 1976 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 16:03:26.0047 1976 VaultSvc - ok 16:03:26.0047 1976 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:03:26.0063 1976 vdrvroot - ok 16:03:26.0079 1976 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 16:03:26.0125 1976 vds - ok 16:03:26.0141 1976 [ 17C408214EA61696CEC9C66E388B14F3 ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys 16:03:26.0172 1976 vga - ok 16:03:26.0188 1976 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:03:26.0219 1976 VgaSave - ok 16:03:26.0250 1976 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:03:26.0266 1976 vhdmp - ok 16:03:26.0281 1976 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:03:26.0297 1976 viaagp - ok 16:03:26.0313 1976 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 16:03:26.0359 1976 ViaC7 - ok 16:03:26.0375 1976 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 16:03:26.0391 1976 viaide - ok 16:03:26.0422 1976 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:03:26.0437 1976 volmgr - ok 16:03:26.0469 1976 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:03:26.0500 1976 volmgrx - ok 16:03:26.0515 1976 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:03:26.0531 1976 volsnap - ok 16:03:26.0547 1976 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:03:26.0562 1976 vsmraid - ok 16:03:26.0609 1976 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 16:03:26.0687 1976 VSS - ok 16:03:26.0703 1976 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:03:26.0749 1976 vwifibus - ok 16:03:26.0765 1976 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:03:26.0796 1976 vwififlt - ok 16:03:26.0812 1976 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:03:26.0827 1976 vwifimp - ok 16:03:26.0843 1976 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:03:26.0890 1976 W32Time - ok 16:03:26.0905 1976 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen 
C:\Windows\system32\DRIVERS\wacompen.sys 16:03:26.0921 1976 WacomPen - ok 16:03:26.0952 1976 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:03:26.0983 1976 WANARP - ok 16:03:26.0983 1976 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:03:26.0999 1976 Wanarpv6 - ok 16:03:27.0030 1976 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 16:03:27.0139 1976 wbengine - ok 16:03:27.0155 1976 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:03:27.0202 1976 WbioSrvc - ok 16:03:27.0233 1976 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:03:27.0264 1976 wcncsvc - ok 16:03:27.0280 1976 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:03:27.0311 1976 WcsPlugInService - ok 16:03:27.0327 1976 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:03:27.0342 1976 Wd - ok 16:03:27.0373 1976 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:03:27.0436 1976 Wdf01000 - ok 16:03:27.0451 1976 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:03:27.0498 1976 WdiServiceHost - ok 16:03:27.0498 1976 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:03:27.0514 1976 WdiSystemHost - ok 16:03:27.0592 1976 [ 9DA588E16A697CFA993A2A18B2F249FB ] Web Assistant C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 16:03:27.0607 1976 Web Assistant - ok 16:03:27.0623 1976 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 16:03:27.0639 1976 WebClient - ok 16:03:27.0670 1976 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:03:27.0701 1976 Wecsvc - ok 16:03:27.0748 1976 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:03:27.0810 1976 wercplsupport - ok 
16:03:27.0841 1976 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:03:27.0919 1976 WerSvc - ok 16:03:27.0935 1976 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:03:27.0982 1976 WfpLwf - ok 16:03:27.0997 1976 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:03:28.0013 1976 WIMMount - ok 16:03:28.0075 1976 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:03:28.0138 1976 WinDefend - ok 16:03:28.0153 1976 WinHttpAutoProxySvc - ok 16:03:28.0200 1976 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:03:28.0263 1976 Winmgmt - ok 16:03:28.0294 1976 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 16:03:28.0387 1976 WinRM - ok 16:03:28.0419 1976 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:03:28.0465 1976 WinUsb - ok 16:03:28.0481 1976 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:03:28.0528 1976 Wlansvc - ok 16:03:28.0575 1976 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:03:28.0668 1976 wlidsvc - ok 16:03:28.0699 1976 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:03:28.0715 1976 WmiAcpi - ok 16:03:28.0746 1976 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:03:28.0762 1976 wmiApSrv - ok 16:03:28.0793 1976 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:03:28.0840 1976 WMPNetworkSvc - ok 16:03:28.0840 1976 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:03:28.0902 1976 WPCSvc - ok 16:03:28.0918 1976 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:03:28.0965 1976 WPDBusEnum - ok 16:03:28.0980 1976 [ 
6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:03:29.0043 1976 ws2ifsl - ok 16:03:29.0058 1976 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 16:03:29.0089 1976 wscsvc - ok 16:03:29.0089 1976 WSearch - ok 16:03:29.0136 1976 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:03:29.0245 1976 wuauserv - ok 16:03:29.0261 1976 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:03:29.0323 1976 WudfPf - ok 16:03:29.0339 1976 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:03:29.0386 1976 WUDFRd - ok 16:03:29.0417 1976 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:03:29.0464 1976 wudfsvc - ok 16:03:29.0479 1976 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:03:29.0542 1976 WwanSvc - ok 16:03:29.0557 1976 ================ Scan global =============================== 16:03:29.0573 1976 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 16:03:29.0620 1976 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 16:03:29.0651 1976 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 16:03:29.0682 1976 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 16:03:29.0698 1976 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 16:03:29.0713 1976 [Global] - ok 16:03:29.0713 1976 ================ Scan MBR ================================== 16:03:29.0745 1976 [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0 16:03:31.0539 1976 \Device\Harddisk0\DR0 - ok 16:03:31.0539 1976 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 16:03:31.0601 1976 \Device\Harddisk1\DR1 - ok 16:03:31.0617 1976 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5 16:03:31.0804 1976 \Device\Harddisk5\DR5 - ok 16:03:31.0804 1976 ================ Scan VBR 
================================== 16:03:31.0804 1976 [ 4BA4FAB1AB1BB0938C5CE8CA9A40EC46 ] \Device\Harddisk0\DR0\Partition1 16:03:31.0804 1976 \Device\Harddisk0\DR0\Partition1 - ok 16:03:31.0835 1976 [ 6906C902F0E51AF117D14BDF3646A777 ] \Device\Harddisk0\DR0\Partition2 16:03:31.0835 1976 \Device\Harddisk0\DR0\Partition2 - ok 16:03:31.0866 1976 [ 4A6508FACEA94B9FCABE01BDC850863E ] \Device\Harddisk0\DR0\Partition3 16:03:31.0866 1976 \Device\Harddisk0\DR0\Partition3 - ok 16:03:31.0866 1976 [ A5E368D927EED6AD1F66C553D93DF29E ] \Device\Harddisk1\DR1\Partition1 16:03:31.0866 1976 \Device\Harddisk1\DR1\Partition1 - ok 16:03:31.0882 1976 [ 97EAEE194AEFFE2A63C3003479F45CA0 ] \Device\Harddisk5\DR5\Partition1 16:03:31.0882 1976 \Device\Harddisk5\DR5\Partition1 - ok 16:03:31.0882 1976 ============================================================ 16:03:31.0882 1976 Scan finished 16:03:31.0882 1976 ============================================================ 16:03:31.0882 1676 Detected object count: 3 16:03:31.0882 1676 Actual detected object count: 3 16:04:16.0077 1676 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user 16:04:16.0077 1676 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:04:16.0077 1676 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 16:04:16.0077 1676 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:04:16.0077 1676 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 16:04:16.0077 1676 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip marha |
28.07.2013, 16:53 | #6 |
/// the machine /// TB-Ausbilder | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hi, please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
29.07.2013, 13:02 | #7 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, here are the files Code:
FRST Logfile: Code:
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\Hamann Home\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Hamann Home\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files\LyriXeeker\125.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) 
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] () R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] () S2 PCSUService; C:\Program Files\PC Speed Up\PCSUService.exe [323008 2013-01-04] () R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-31] () ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-23] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. 
KG) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-29 13:23 - 2013-07-29 13:23 - 00000000 ____D C:\FRST 2013-07-28 22:47 - 2013-07-28 22:47 - 00000000 ____D C:\Program Files\LyriXeeker 2013-07-28 22:06 - 2013-07-29 13:21 - 00000376 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DealPly 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Program Files\DealPly 2013-07-28 22:04 - 2013-07-28 22:47 - 00001072 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-07-28 22:04 - 2013-07-28 22:06 - 00000000 ____D C:\Windows\system32\Extensions 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Delta 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\BabSolution 
2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Program Files\OpenIt 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Program Files\Delta 2013-07-28 22:03 - 2013-07-28 22:03 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Babylon 2013-07-28 22:03 - 2013-07-28 22:03 - 00000000 ____D C:\ProgramData\Babylon 2013-07-28 22:02 - 2013-07-28 23:12 - 00000310 _____ C:\Windows\Tasks\DigitalSite.job 2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DigitalSite 2013-07-26 20:26 - 2013-07-26 20:29 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 16:54 - 2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon 2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3 2013-07-12 01:12 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 01:12 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 
00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 01:12 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 01:12 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 22:37 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 22:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 22:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 22:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-02 22:15 - 2013-07-02 22:17 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db ==================== One Month Modified Files and Folders ======= 2013-07-29 13:23 - 2013-07-29 13:23 - 00000000 ____D C:\FRST 2013-07-29 13:21 - 2013-07-28 22:06 - 00000376 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-29 13:18 - 2010-12-07 16:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-29 13:18 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-29 13:18 - 2009-07-14 06:39 - 00013893 _____ C:\Windows\setupact.log 2013-07-28 23:31 - 2010-12-07 16:23 - 01383699 _____ C:\Windows\WindowsUpdate.log 2013-07-28 23:19 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-28 23:19 - 2009-07-14 06:34 - 00009696 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-28 23:12 - 2013-07-28 22:02 - 00000310 _____ C:\Windows\Tasks\DigitalSite.job 2013-07-28 22:47 - 2013-07-28 22:47 - 00000000 ____D C:\Program Files\LyriXeeker 2013-07-28 22:47 - 2013-07-28 22:04 - 00001072 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-07-28 22:38 - 2010-12-07 16:28 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DealPly 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Program Files\DealPly 2013-07-28 22:06 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\Extensions 2013-07-28 22:06 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Delta 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\BabSolution 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Program Files\OpenIt 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Program Files\Delta 2013-07-28 22:04 - 2013-05-21 18:56 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-28 22:03 - 2013-07-28 22:03 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Babylon 2013-07-28 22:03 - 2013-07-28 22:03 - 00000000 ____D C:\ProgramData\Babylon 2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D 
C:\Users\Hamann Home\AppData\Roaming\DigitalSite 2013-07-28 12:56 - 2012-04-02 10:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-28 12:05 - 2013-01-26 13:17 - 00000328 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2013-07-28 11:38 - 2010-08-28 02:49 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-26 20:29 - 2013-07-26 20:26 - 00000000 ____D C:\Windows\system32\MRT 2013-07-26 15:35 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-26 15:28 - 2013-04-28 09:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-26 15:28 - 2013-01-26 13:17 - 00000000 ____D C:\Users\Hamann Home\Documents\PCSpeedUp 2013-07-26 15:28 - 2012-09-28 00:21 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\MAGIX_AG 2013-07-26 15:28 - 2012-09-27 14:12 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\simplitec 2013-07-26 15:28 - 2012-09-27 14:10 - 00000000 ____D C:\Users\Hamann Home\Documents\MAGIX 2013-07-26 15:28 - 2012-09-25 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAblu Designer 2013-07-26 15:28 - 2012-09-19 22:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAbella Designer 2013-07-26 15:28 - 2012-07-19 19:40 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDA Designer 2013-07-26 15:28 - 2012-07-19 19:30 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAluna Designer 2013-07-26 15:28 - 2012-01-12 12:46 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo 2013-07-26 15:28 - 2011-12-08 22:30 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DATA BECKER 2013-07-26 15:28 - 2011-12-08 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GraphicCorp 2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\MM-Sprachkurs 2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euroglot 2013-07-26 15:28 - 2011-04-07 12:28 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\FreeAudioPack 2013-07-26 15:28 - 2011-01-22 21:33 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\IrfanView 2013-07-26 15:28 - 2010-12-08 18:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Buhl Data Service 2013-07-26 15:28 - 2010-12-07 19:17 - 00000000 ___RD C:\Users\Hamann Home\Documents\My Stationery 2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-07-26 15:28 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat 2013-07-21 12:38 - 2010-12-07 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\SoftGrid Client 2013-07-21 12:38 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Macromedia 2013-07-21 12:36 - 2010-12-07 16:39 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Google 2013-07-21 12:36 - 2010-12-07 16:28 - 00000000 ____D C:\Program Files\Google 2013-07-14 16:54 - 2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon 2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3 2013-07-12 11:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-12 10:34 - 2009-07-14 06:33 - 00475128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 10:32 - 
2010-08-30 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 10:32 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 08:44 - 2010-08-30 11:48 - 01558336 _____ C:\Windows\PFRO.log
2013-07-08 15:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-03 10:24 - 2013-06-26 20:12 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Windows Live
2013-07-02 22:17 - 2013-07-02 22:15 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db

Files to move or delete:
====================
C:\Windows\system32\rundll32.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-28 12:03

==================== End Of Log ============================
[/CODE]
New Avira finding 28.7.2013: Users/Hamann/AppData/Local.../uninstaller.exe program ADWARE/instellLore.Gen
Regards, marha |
29.07.2013, 15:26 | #8 |
/// the machine /// TB Trainer | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
HKCU\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) <===== ATTENTION
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
C:\Windows\system32\rundll32.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.07.2013, 18:55 | #9 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, I managed that too, the file: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-07-2013
Ran by Hamann Home at 2013-07-29 19:21:12 Run:1
Running from N:\
Boot Mode: Normal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect] - C:\Windows\system32\rundll32.exe [44544 2009-07-14 => Value not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver => Value not found.
Could not move "C:\Windows\system32\rundll32.exe" => Scheduled to move on reboot.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

marha |
29.07.2013, 20:08 | #10 | |
/// the machine /// TB Trainer | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Great. Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber |
30.07.2013, 11:18 | #11 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, Combofix window (blue background), Administrator: Last 4 lines: Lösche Ordner C:\Internet Explorer C:\Program Files\DealPly C:\Program Files\Incredibar.com The cursor has been blinking for about 1 hour, and what now? Regards, marha Edited by marha (30.07.2013 at 11:20) Reason: 1st post was not shown to me. |
30.07.2013, 13:51 | #12 |
/// the machine /// TB Trainer | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Close Combofix. Restart the computer. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber |
31.07.2013, 12:33 | #13 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, and here I thought that as a retiree you no longer have to work.... Here are the results: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.31.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 Hamann Home :: HAMANNHOME-PC [Administrator] Schutz: Aktiviert 31.07.2013 12:52:04 mbam-log-2013-07-31 (12-52-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 219066 Laufzeit: 5 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1088 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyrix@lyrixeeker.co (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NTRedirect (PUP.Optional.A.BabSolution) -> Daten: C:\Windows\system32\rundll32.exe "C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 3 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Adware.BProtector) -> Bösartig: (c:\PROGRA~2\BROWSE~1\261339~1.144\{C16C1~1\BROWSE~1.DLL) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\PROGRA~2\BROWSE~1\261339~1.144\{C16C1~1\BROWSE~1.DLL) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A06E6C626D8D43FA&affID=119357&tsp=4957) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 13 C:\Users\Hamann Home\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1339.144 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. 
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\Users\Hamann Home\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\bh (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 45 C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (Adware.BProtector) -> Löschen bei Neustart. C:\Users\Hamann Home\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\chrome.manifest (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\125.crx (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\125.dat (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files\LyriXeeker\125.xpi (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\LyriXupdate.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\sqlite3.dll (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\LyriXeeker\Uninstall.exe (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\LyricXeeker Update.job (PUP.Optional.Lyrixeeker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.A.BabSolution) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. 
C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. 
C:\Users\Hamann Home\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Hamann Home\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\deltaApp.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\deltaEng.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\deltasrv.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\GUninstaller.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Delta\delta\1.8.22.0\uninstall.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende)
AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v2.306 - Datei am 31/07/2013 um 13:11:06 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Hamann Home - HAMANNHOME-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Hamann Home\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : PCSUService Gestoppt & Gelöscht : Web Assistant ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Hamann Home\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Windows\system32\ImhxxpComm.dll Gelöscht mit Neustart : C:\Users\Hamann Home\AppData\Local\APN Gelöscht mit Neustart : C:\Users\Hamann Home\AppData\Local\AskToolbar Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Program Files\delta Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BrowserDefender Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Hamann Home\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Hamann Home\AppData\Roaming\delta Ordner Gelöscht : C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender Ordner Gelöscht : C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Ordner Gelöscht : C:\Windows\system32\ARFC Ordner Gelöscht : C:\Windows\system32\jmdp Ordner Gelöscht : C:\Windows\system32\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\a6d88ce03fb914 Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel 
Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\WNLT Schlüssel Gelöscht : HKLM\SOFTWARE\a6d88ce03fb914 Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\esrv.deltaESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\Software\DealPly 
Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Schlüssel Gelöscht : HKLM\Software\incredibar.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\Software\WNLT Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Hamann Home\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.30] : icon_url = "hxxp://www.ask.com/favicon.ico", Gelöscht [l.33] : keyword = "ask.com", Gelöscht [l.37] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=d[...] Gelöscht [l.38] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...] Gelöscht [l.2276] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A06E6C626D8D43FA&affID=119357&tsp=[...] Gelöscht [l.3037] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4, [ "hxxp://www1.delta-search.co[...] 
*************************
AdwCleaner[S1].txt - [15995 octets] - [31/07/2013 13:11:06]
########## EOF - C:\AdwCleaner[S1].txt - [16056 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x86
Ran by Hamann Home on 31.07.2013 at 13:17:53,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9DC45FD7-62FB-40D1-BED2-6400ABAFA665}
~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho27E4.tmp
Successfully deleted: [File] C:\Windows\system32\shoC689.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Program Files\pc speed up"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2013 at 13:18:44,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013 Ran by Hamann Home (administrator) on 31-07-2013 13:22:28 Running from C:\Users\Hamann Home\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [QtraxNotification] - C:\Users\Hamann Home\Qtrax\Player\Notification.exe [110888 2013-07-08] () ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - No File DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe 
Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Oracle) CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR HKLM\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files\LyriXeeker\125.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) 
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-23] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) S3 catchme; \??\C:\Users\HAMANN~1\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-31 13:20 - 2013-07-29 13:12 - 01221130 _____ (Farbar) C:\Users\Hamann Home\Desktop\FRST.exe 
2013-07-31 13:18 - 2013-07-31 13:18 - 00001596 _____ C:\Users\Hamann Home\Desktop\JRT.txt 2013-07-31 13:17 - 2013-07-31 13:17 - 00000000 ____D C:\Windows\ERUNT 2013-07-31 13:16 - 2013-07-31 13:15 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Hamann Home\Desktop\JRT.exe 2013-07-31 13:11 - 2013-07-31 13:11 - 00016126 _____ C:\AdwCleaner[S1].txt 2013-07-31 13:11 - 2013-07-31 13:11 - 00000167 _____ C:\Windows\DeleteOnReboot.bat 2013-07-31 13:10 - 2013-07-31 13:08 - 00666633 _____ C:\Users\Hamann Home\Desktop\adwcleaner.exe 2013-07-31 12:48 - 2013-07-31 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-31 12:47 - 2013-07-31 12:47 - 00000058 _____ C:\Users\Hamann Home\AppData\Roaming\WB.CFG 2013-07-31 12:47 - 2013-07-31 12:47 - 00000005 _____ C:\Users\Hamann Home\AppData\Roaming\WBPU-TTL.DAT 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-31 12:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-30 10:40 - 2013-07-30 10:49 - 00000000 ___SD C:\ComboFix 2013-07-30 10:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-30 10:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-30 10:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-30 10:39 - 2013-07-31 13:00 - 00000000 ____D C:\Windows\erdnt 2013-07-30 
10:39 - 2013-07-30 10:40 - 00000000 ____D C:\Qoobox 2013-07-30 10:39 - 2013-07-30 10:35 - 05095176 ____R (Swearware) C:\Users\Hamann Home\Desktop\ComboFix.exe 2013-07-29 13:23 - 2013-07-31 13:22 - 00000000 ____D C:\FRST 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax 2013-07-28 22:04 - 2013-07-28 22:06 - 00000000 ____D C:\Windows\system32\Extensions 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins 2013-07-28 22:02 - 2013-07-31 12:47 - 00000310 _____ C:\Windows\Tasks\DigitalSite.job 2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DigitalSite 2013-07-26 20:26 - 2013-07-26 20:29 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 16:54 - 2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon 2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3 2013-07-12 01:12 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 01:12 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 01:12 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 01:12 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 22:37 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 22:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 22:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 22:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-02 22:15 - 2013-07-02 22:17 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db ==================== One Month Modified Files and Folders ======= 2013-07-31 13:22 - 2013-07-29 13:23 - 00000000 ____D C:\FRST 2013-07-31 13:19 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-31 13:19 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-31 13:18 - 2013-07-31 13:18 - 00001596 _____ C:\Users\Hamann Home\Desktop\JRT.txt 2013-07-31 13:17 - 2013-07-31 13:17 - 00000000 ____D C:\Windows\ERUNT 2013-07-31 13:15 - 2013-07-31 13:16 - 00562430 _____ (Oleg N. 
Scherbakov) C:\Users\Hamann Home\Desktop\JRT.exe 2013-07-31 13:12 - 2010-12-07 16:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-31 13:12 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-31 13:12 - 2009-07-14 06:39 - 00014285 _____ C:\Windows\setupact.log 2013-07-31 13:11 - 2013-07-31 13:11 - 00016126 _____ C:\AdwCleaner[S1].txt 2013-07-31 13:11 - 2013-07-31 13:11 - 00000167 _____ C:\Windows\DeleteOnReboot.bat 2013-07-31 13:11 - 2010-12-07 16:23 - 01441386 _____ C:\Windows\WindowsUpdate.log 2013-07-31 13:08 - 2013-07-31 13:10 - 00666633 _____ C:\Users\Hamann Home\Desktop\adwcleaner.exe 2013-07-31 13:04 - 2013-07-30 10:39 - 00000000 ____D C:\Windows\erdnt 2013-07-31 13:04 - 2010-08-30 11:48 - 01610340 _____ C:\Windows\PFRO.log 2013-07-31 12:56 - 2012-04-02 10:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-31 12:49 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home 2013-07-31 12:48 - 2013-07-31 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-31 12:47 - 2013-07-31 12:47 - 00000058 _____ C:\Users\Hamann Home\AppData\Roaming\WB.CFG 2013-07-31 12:47 - 2013-07-31 12:47 - 00000005 _____ C:\Users\Hamann Home\AppData\Roaming\WBPU-TTL.DAT 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-31 12:47 - 2013-07-28 22:02 - 00000310 _____ C:\Windows\Tasks\DigitalSite.job 2013-07-31 12:38 - 2010-12-07 16:28 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-30 10:49 - 2013-07-30 10:40 - 00000000 ___SD C:\ComboFix 2013-07-30 10:40 - 2013-07-30 10:39 - 00000000 ____D C:\Qoobox 2013-07-30 10:35 - 2013-07-30 10:39 - 05095176 ____R (Swearware) C:\Users\Hamann Home\Desktop\ComboFix.exe 2013-07-29 19:42 - 
2013-01-26 13:17 - 00000328 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2013-07-29 13:12 - 2013-07-31 13:20 - 01221130 _____ (Farbar) C:\Users\Hamann Home\Desktop\FRST.exe 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax 2013-07-28 22:06 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\Extensions 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins 2013-07-28 22:04 - 2013-05-21 18:56 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DigitalSite 2013-07-28 11:38 - 2010-08-28 02:49 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-26 20:29 - 2013-07-26 20:26 - 00000000 ____D C:\Windows\system32\MRT 2013-07-26 15:35 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-26 15:28 - 2013-04-28 09:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-26 15:28 - 2013-01-26 13:17 - 00000000 ____D C:\Users\Hamann Home\Documents\PCSpeedUp 2013-07-26 15:28 - 2012-09-28 00:21 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\MAGIX_AG 2013-07-26 15:28 - 2012-09-27 14:12 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\simplitec 2013-07-26 15:28 - 2012-09-27 14:10 - 00000000 ____D C:\Users\Hamann Home\Documents\MAGIX 2013-07-26 15:28 - 2012-09-25 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAblu Designer 2013-07-26 15:28 - 2012-09-19 22:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAbella Designer 2013-07-26 15:28 - 2012-07-19 19:40 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDA Designer 2013-07-26 15:28 - 2012-07-19 19:30 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAluna Designer 2013-07-26 15:28 - 2012-01-12 12:46 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo 2013-07-26 15:28 - 2011-12-08 22:30 
- 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DATA BECKER 2013-07-26 15:28 - 2011-12-08 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GraphicCorp 2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MM-Sprachkurs 2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euroglot 2013-07-26 15:28 - 2011-04-07 12:28 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\FreeAudioPack 2013-07-26 15:28 - 2011-01-22 21:33 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\IrfanView 2013-07-26 15:28 - 2010-12-08 18:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Buhl Data Service 2013-07-26 15:28 - 2010-12-07 19:17 - 00000000 ___RD C:\Users\Hamann Home\Documents\My Stationery 2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-07-26 15:28 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration 2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat 2013-07-21 12:38 - 2010-12-07 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\SoftGrid Client 2013-07-21 12:38 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Macromedia 2013-07-21 12:36 - 2010-12-07 16:39 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Google 2013-07-21 12:36 - 2010-12-07 16:28 - 00000000 ____D C:\Program Files\Google 2013-07-14 16:54 - 
2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon 2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3 2013-07-12 11:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-12 10:34 - 2009-07-14 06:33 - 00475128 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 10:32 - 2010-08-30 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 10:32 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-08 15:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-03 10:24 - 2013-06-26 20:12 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Windows Live 2013-07-02 22:17 - 2013-07-02 22:15 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-28 12:03 ==================== End Of Log ============================
Is my good feeling justified? Regards, marha |
31.07.2013, 15:30 | #14 | |
/// the machine /// TB trainer | TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Quote:
ESET Online Scanner
Please download SecurityCheck and:
and your fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
31.07.2013, 21:13 | #15 |
| TR/ATRAPS.Gen , TR/ATRAPS.Gen2, TR/Sirefef.A.12 Hello, here are the results: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6ed6f2b6f28aa24ea6a161a02fef8c90 # engine=14605 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-31 07:21:41 # local_time=2013-07-31 09:21:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 256647 240721791 249435 0 # compatibility_mode=5893 16776574 100 94 453194 126929692 0 0 # scanned=333327 # found=0 # cleaned=0 # scan_time=4936 Code:
ATTFilter Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities Language Pack (de-DE) Java(TM) 6 Update 21 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! Google Chrome 28.0.1500.71 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013 Ran by Hamann Home (administrator) on 31-07-2013 21:46:48 Running from C:\Users\Hamann Home\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Teruten) C:\Windows\system32\FsUsbExService.Exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor) HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM\...\Run: [] - [x] HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [QtraxNotification] - C:\Users\Hamann Home\Qtrax\Player\Notification.exe [110888 2013-07-08] () ==================== Internet (Whitelisted) ==================== StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -No Name - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - No File DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Ask) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe 
Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.210.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Oracle) CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR HKLM\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files\LyriXeeker\125.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) 
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== R2 ACEDRV07; C:\Windows\system32\drivers\ACEDRV07.sys [101376 2012-09-23] (Protect Software GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-20] (Avira Operations GmbH & Co. KG) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation) S3 catchme; \??\C:\Users\HAMANN~1\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-31 21:41 - 2013-07-31 21:39 - 00891098 _____ C:\Users\Hamann Home\Desktop\SecurityCheck.exe 
2013-07-31 19:53 - 2013-07-31 19:44 - 02347384 _____ (ESET) C:\Users\Hamann Home\Desktop\esetsmartinstaller_enu.exe 2013-07-31 13:20 - 2013-07-29 13:12 - 01221130 _____ (Farbar) C:\Users\Hamann Home\Desktop\FRST.exe 2013-07-31 13:18 - 2013-07-31 13:18 - 00001596 _____ C:\Users\Hamann Home\Desktop\JRT.txt 2013-07-31 13:17 - 2013-07-31 13:17 - 00000000 ____D C:\Windows\ERUNT 2013-07-31 13:16 - 2013-07-31 13:15 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Hamann Home\Desktop\JRT.exe 2013-07-31 13:11 - 2013-07-31 13:11 - 00016126 _____ C:\AdwCleaner[S1].txt 2013-07-31 13:11 - 2013-07-31 13:11 - 00000167 _____ C:\Windows\DeleteOnReboot.bat 2013-07-31 13:10 - 2013-07-31 13:08 - 00666633 _____ C:\Users\Hamann Home\Desktop\adwcleaner.exe 2013-07-31 12:48 - 2013-07-31 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-31 12:47 - 2013-07-31 12:47 - 00000058 _____ C:\Users\Hamann Home\AppData\Roaming\WB.CFG 2013-07-31 12:47 - 2013-07-31 12:47 - 00000005 _____ C:\Users\Hamann Home\AppData\Roaming\WBPU-TTL.DAT 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-31 12:47 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-30 10:40 - 2013-07-30 10:49 - 00000000 ___SD C:\ComboFix 2013-07-30 10:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-30 10:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-30 10:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-30 
10:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-30 10:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-30 10:39 - 2013-07-31 13:04 - 00000000 ____D C:\Windows\erdnt 2013-07-30 10:39 - 2013-07-30 10:40 - 00000000 ____D C:\Qoobox 2013-07-30 10:39 - 2013-07-30 10:35 - 05095176 ____R (Swearware) C:\Users\Hamann Home\Desktop\ComboFix.exe 2013-07-29 13:23 - 2013-07-31 13:22 - 00000000 ____D C:\FRST 2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax 2013-07-28 22:04 - 2013-07-28 22:06 - 00000000 ____D C:\Windows\system32\Extensions 2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins 2013-07-28 22:02 - 2013-07-31 21:47 - 00000310 _____ C:\Windows\Tasks\DigitalSite.job 2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DigitalSite 2013-07-26 20:26 - 2013-07-26 20:29 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 16:54 - 2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon 2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3 2013-07-12 01:12 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 01:12 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 01:12 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 01:12 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 01:12 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 01:12 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 22:37 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 22:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 22:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 22:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-02 22:15 - 2013-07-02 22:17 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db ==================== One Month Modified Files and Folders ======= 2013-07-31 21:39 - 2013-07-31 21:41 - 00891098 _____ C:\Users\Hamann Home\Desktop\SecurityCheck.exe 2013-07-31 21:38 - 2010-12-07 16:28 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-31 21:38 - 2010-12-07 16:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-31 20:56 - 2012-04-02 10:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-31 19:57 - 2010-12-07 16:23 - 01445642 _____ C:\Windows\WindowsUpdate.log 2013-07-31 
19:54 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-31 19:54 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-31 19:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-31 19:47 - 2009-07-14 06:39 - 00014341 _____ C:\Windows\setupact.log 2013-07-31 19:44 - 2013-07-31 19:53 - 02347384 _____ (ESET) C:\Users\Hamann Home\Desktop\esetsmartinstaller_enu.exe 2013-07-31 14:21 - 2013-01-26 13:17 - 00000328 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2013-07-31 13:22 - 2013-07-29 13:23 - 00000000 ____D C:\FRST 2013-07-31 13:18 - 2013-07-31 13:18 - 00001596 _____ C:\Users\Hamann Home\Desktop\JRT.txt 2013-07-31 13:17 - 2013-07-31 13:17 - 00000000 ____D C:\Windows\ERUNT 2013-07-31 13:15 - 2013-07-31 13:16 - 00562430 _____ (Oleg N. Scherbakov) C:\Users\Hamann Home\Desktop\JRT.exe 2013-07-31 13:11 - 2013-07-31 13:11 - 00016126 _____ C:\AdwCleaner[S1].txt 2013-07-31 13:11 - 2013-07-31 13:11 - 00000167 _____ C:\Windows\DeleteOnReboot.bat 2013-07-31 13:08 - 2013-07-31 13:10 - 00666633 _____ C:\Users\Hamann Home\Desktop\adwcleaner.exe 2013-07-31 13:04 - 2013-07-30 10:39 - 00000000 ____D C:\Windows\erdnt 2013-07-31 13:04 - 2010-08-30 11:48 - 01610340 _____ C:\Windows\PFRO.log 2013-07-31 12:49 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home 2013-07-31 12:48 - 2013-07-31 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Malwarebytes 2013-07-31 12:47 - 2013-07-31 12:47 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-31 12:47 - 2013-07-31 12:47 - 00000058 _____ C:\Users\Hamann Home\AppData\Roaming\WB.CFG 2013-07-31 12:47 - 2013-07-31 12:47 - 00000005 _____ C:\Users\Hamann Home\AppData\Roaming\WBPU-TTL.DAT 2013-07-31 12:47 - 2013-07-31 12:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-31 12:47 - 2013-07-31 
12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-30 10:49 - 2013-07-30 10:40 - 00000000 ___SD C:\ComboFix
2013-07-30 10:40 - 2013-07-30 10:39 - 00000000 ____D C:\Qoobox
2013-07-30 10:35 - 2013-07-30 10:39 - 05095176 ____R (Swearware) C:\Users\Hamann Home\Desktop\ComboFix.exe
2013-07-29 13:12 - 2013-07-31 13:20 - 01221130 _____ (Farbar) C:\Users\Hamann Home\Desktop\FRST.exe
2013-07-28 22:06 - 2013-07-28 22:06 - 00000000 ____D C:\Users\Hamann Home\Qtrax
2013-07-28 22:06 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\Extensions
2013-07-28 22:04 - 2013-07-28 22:04 - 00000000 ____D C:\Windows\system32\searchplugins
2013-07-28 22:04 - 2013-05-21 18:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-28 22:02 - 2013-07-28 22:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\DigitalSite
2013-07-28 11:38 - 2010-08-28 02:49 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-26 20:29 - 2013-07-26 20:26 - 00000000 ____D C:\Windows\system32\MRT
2013-07-26 15:35 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 15:28 - 2013-04-28 09:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-26 15:28 - 2013-01-26 13:17 - 00000000 ____D C:\Users\Hamann Home\Documents\PCSpeedUp
2013-07-26 15:28 - 2012-09-28 00:21 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\MAGIX_AG
2013-07-26 15:28 - 2012-09-27 14:12 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\simplitec
2013-07-26 15:28 - 2012-09-27 14:10 - 00000000 ____D C:\Users\Hamann Home\Documents\MAGIX
2013-07-26 15:28 - 2012-09-25 12:48 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAblu Designer
2013-07-26 15:28 - 2012-09-19 22:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAbella Designer
2013-07-26 15:28 - 2012-07-19 19:40 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDA Designer
2013-07-26 15:28 - 2012-07-19 19:30 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\AIDAluna Designer
2013-07-26 15:28 - 2012-01-12 12:46 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2013-07-26 15:28 - 2011-12-08 22:30 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DATA BECKER
2013-07-26 15:28 - 2011-12-08 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GraphicCorp
2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MM-Sprachkurs
2013-07-26 15:28 - 2011-05-15 14:14 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euroglot
2013-07-26 15:28 - 2011-04-07 12:28 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\FreeAudioPack
2013-07-26 15:28 - 2011-01-22 21:33 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\IrfanView
2013-07-26 15:28 - 2010-12-08 18:25 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Buhl Data Service
2013-07-26 15:28 - 2010-12-07 19:17 - 00000000 ___RD C:\Users\Hamann Home\Documents\My Stationery
2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-26 15:28 - 2010-12-07 16:32 - 00000000 ___RD C:\Users\Hamann Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-26 15:28 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-07-26 15:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-07-21 12:38 - 2010-12-07 20:02 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\SoftGrid Client
2013-07-21 12:38 - 2010-12-07 16:32 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Macromedia
2013-07-21 12:36 - 2010-12-07 16:39 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Google
2013-07-21 12:36 - 2010-12-07 16:28 - 00000000 ____D C:\Program Files\Google
2013-07-14 16:54 - 2013-07-14 16:54 - 00000000 ____D C:\Users\Hamann Home\AppData\Roaming\Amazon
2013-07-14 16:52 - 2013-07-14 16:52 - 00000000 ____D C:\Users\Hamann Home\Documents\Amazon MP3
2013-07-12 11:42 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 10:34 - 2009-07-14 06:33 - 00475128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 10:32 - 2010-08-30 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 10:32 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-08 15:59 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-03 10:24 - 2013-06-26 20:12 - 00000000 ____D C:\Users\HAMANN~1\AppData\Local\Windows Live
2013-07-02 22:17 - 2013-07-02 22:15 - 00055808 ___SH C:\Users\Public\Documents\Thumbs.db
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-28 12:03
==================== End Of Log ============================
Speaking of problems... After logging in, the following windows always appear:
1. Gadget: settings.ini is being used by another process. Close the program and then click Retry, or click Cancel to exit.
2. Sticky Notes: Cannot start from the beginning. See Help for further details (Exit)
When I deactivated Avira Free Antivirus, the following window opened:
User Account Control: Do you want to allow the following program from an unknown publisher to make changes to this computer? Program name: ccuac.exe File origin: Hard drive on this computer
I clicked Yes, was that right?
Regards, marha |