Pests of all kinds and how to fight them: ADWARE/InstallCore.Gen and TR/Downloader.Gen2 (Windows 7)
27.07.2013, 08:18 | #1 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2
Hello, yesterday at noon I got 4 alerts from Avira during a download, 2x ADWARE/InstallCore.Gen and 1x TR/Downloader.Gen2... unfortunately I have not been able to open the report for it since this morning?! The items were then moved to quarantine, and nothing else was found in the next scan. However, some "strange incidents" followed. In the bar at the bottom, several hundred items of data were suddenly being copied, and 3-4 times black boxes with an input prompt appeared, which then disappeared again immediately. Finally, I was in the middle of filling out an online application when "Severe error" suddenly appeared, followed by something like "Please make sure that you only list services you are authorized for." (I can no longer reproduce it word for word) Anyway, the whole story seems very suspicious to me, and the strange copying made me feel rather uneasy? Or is that supposed to be just a coincidence?! Well, I turned off the internet and then fought my way through the internet on another computer, which was probably not exactly the best solution..... Anyway, I then first downloaded Ad-Aware Antivirus, which showed me "Tracking Cookies", which I then deleted..
After that I downloaded AdwCleaner and let it search:
After that I deleted it all, and it gave me this:
After that I searched again and this came up:

# AdwCleaner v2.306 - Datei am 26/07/2013 um 22:58:11 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Alina - HUGO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alina\Downloads\adwcleaner06.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.23] : keyword = "delta-search.com",
Gefunden [l.27] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=960612689D953352&[...]

*************************
AdwCleaner[R1].txt - [13462 octets] - [26/07/2013 22:42:38]
AdwCleaner[R2].txt - [1074 octets] - [26/07/2013 22:58:11]
AdwCleaner[S1].txt - [12962 octets] - [26/07/2013 22:43:56]
AdwCleaner[S2].txt - [1266 octets] - [26/07/2013 22:51:51]

########## EOF - C:\AdwCleaner[R2].txt - [1255 octets] ##########

So it found again what it had already found & deleted before... well, I deleted again and searched again and I keep ending up with these findings... I really don't know what to do now. It would be really kind if someone could help me, because I don't know my way around this kind of thing at all and actually need to keep working on the laptop. Many thanks in advance.
27.07.2013, 09:14 | #2 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2
!! Note to readers !! This thread and its instructions are intended only for this specific case. They could severely damage other computers. Please open your own thread.
I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Scan with TDSSKiller. Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Step 2: Scan with aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: System scan with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________ |
27.07.2013, 09:58 | #3 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2 1.
Code:
acpipagr C:\Windows\System32\drivers\acpipagr.sys 10:21:17.0903 3948 acpipagr - ok 10:21:17.0930 3948 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys 10:21:17.0965 3948 AcpiPmi - ok 10:21:17.0988 3948 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys 10:21:18.0034 3948 acpitime - ok 10:21:18.0203 3948 [ AE1671A3C798A3467DE5E7DD12179803 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe 10:21:18.0311 3948 Ad-Aware Service - ok 10:21:18.0392 3948 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:21:18.0411 3948 AdobeARMservice - ok 10:21:18.0573 3948 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:21:18.0594 3948 AdobeFlashPlayerUpdateSvc - ok 10:21:18.0631 3948 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 10:21:18.0674 3948 adp94xx - ok 10:21:18.0725 3948 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys 10:21:18.0762 3948 adpahci - ok 10:21:18.0794 3948 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 10:21:18.0823 3948 adpu320 - ok 10:21:18.0882 3948 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:21:18.0922 3948 AeLookupSvc - ok 10:21:18.0974 3948 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys 10:21:19.0023 3948 AFD - ok 10:21:19.0050 3948 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys 10:21:19.0073 3948 agp440 - ok 10:21:19.0108 3948 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe 10:21:19.0170 3948 ALG - ok 10:21:19.0214 3948 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll 10:21:19.0271 3948 AllUserInstallAgent - ok 10:21:19.0317 3948 [ 
15223ECAD7D688273DADA63ADA8B6BBA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 10:21:19.0386 3948 AMD External Events Utility - ok 10:21:19.0440 3948 AMD FUEL Service - ok 10:21:19.0473 3948 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys 10:21:19.0504 3948 AmdK8 - ok 10:21:19.0756 3948 [ 8EEBE772FA7D2A6436D6DBDE5EC7191B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 10:21:20.0129 3948 amdkmdag - ok 10:21:20.0171 3948 [ 9B08F939F313CC8D57789C528F6B4C4B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 10:21:20.0237 3948 amdkmdap - ok 10:21:20.0275 3948 [ 02CF5AD93538CCE63EB09364EDD3DCF9 ] amdkmpfd C:\Windows\system32\drivers\amdkmpfd.sys 10:21:20.0288 3948 amdkmpfd - ok 10:21:20.0331 3948 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys 10:21:20.0353 3948 AmdPPM - ok 10:21:20.0428 3948 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:21:20.0448 3948 amdsata - ok 10:21:20.0475 3948 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 10:21:20.0504 3948 amdsbs - ok 10:21:20.0519 3948 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:21:20.0537 3948 amdxata - ok 10:21:20.0568 3948 [ A2EFE3869B976296E097DEF368280F95 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys 10:21:20.0582 3948 amd_sata - ok 10:21:20.0601 3948 [ 625396421C29FB305C6C6235D01130B8 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys 10:21:20.0614 3948 amd_xata - ok 10:21:20.0675 3948 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 10:21:20.0689 3948 AntiVirSchedulerService - ok 10:21:20.0723 3948 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 10:21:20.0737 3948 AntiVirService - ok 10:21:20.0875 3948 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files 
(x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 10:21:20.0904 3948 AntiVirWebService - ok 10:21:20.0967 3948 [ 823F34D1DEF120A657BB7529ABF4461F ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 10:21:21.0042 3948 AppHostSvc - ok 10:21:21.0086 3948 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys 10:21:21.0135 3948 AppID - ok 10:21:21.0167 3948 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:21:21.0227 3948 AppIDSvc - ok 10:21:21.0281 3948 [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo C:\Windows\System32\appinfo.dll 10:21:21.0310 3948 Appinfo - ok 10:21:21.0322 3948 APXACC - ok 10:21:21.0365 3948 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys 10:21:21.0389 3948 arc - ok 10:21:21.0414 3948 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys 10:21:21.0439 3948 arcsas - ok 10:21:21.0575 3948 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:21:21.0623 3948 aspnet_state - ok 10:21:21.0643 3948 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:21:21.0682 3948 AsyncMac - ok 10:21:21.0707 3948 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys 10:21:21.0729 3948 atapi - ok 10:21:21.0845 3948 [ 62B78165A465844CC7552F5D2E051E71 ] athr C:\Windows\system32\DRIVERS\athw8x.sys 10:21:21.0952 3948 athr - ok 10:21:21.0999 3948 [ 506907D2E7F3A5B67DBD39C00A788B7C ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys 10:21:22.0015 3948 AtiHDAudioService - ok 10:21:22.0057 3948 [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll 10:21:22.0158 3948 AudioEndpointBuilder - ok 10:21:22.0209 3948 [ 810F30FF8490ED5ED510621DF10DE320 ] Audiosrv C:\Windows\System32\Audiosrv.dll 10:21:22.0261 3948 Audiosrv - ok 10:21:22.0352 3948 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt 
C:\Windows\system32\DRIVERS\avgntflt.sys 10:21:22.0370 3948 avgntflt - ok 10:21:22.0399 3948 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 10:21:22.0416 3948 avipbb - ok 10:21:22.0440 3948 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 10:21:22.0454 3948 avkmgr - ok 10:21:22.0490 3948 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:21:22.0541 3948 AxInstSV - ok 10:21:22.0616 3948 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 10:21:22.0656 3948 b06bdrv - ok 10:21:22.0686 3948 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys 10:21:22.0705 3948 BasicDisplay - ok 10:21:22.0714 3948 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys 10:21:22.0754 3948 BasicRender - ok 10:21:22.0801 3948 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll 10:21:22.0847 3948 BDESVC - ok 10:21:22.0900 3948 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys 10:21:22.0943 3948 Beep - ok 10:21:22.0998 3948 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll 10:21:23.0038 3948 BFE - ok 10:21:23.0097 3948 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll 10:21:23.0156 3948 BITS - ok 10:21:23.0209 3948 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 10:21:23.0237 3948 Bonjour Service - ok 10:21:23.0264 3948 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:21:23.0287 3948 bowser - ok 10:21:23.0325 3948 [ 038FA1B55531E7020DB705B42FCCE373 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll 10:21:23.0347 3948 BrokerInfrastructure - ok 10:21:23.0387 3948 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll 10:21:23.0492 3948 Browser - ok 10:21:23.0531 3948 [ 
F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys 10:21:23.0552 3948 BthAvrcpTg - ok 10:21:23.0593 3948 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys 10:21:23.0690 3948 BthHFEnum - ok 10:21:23.0736 3948 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys 10:21:23.0778 3948 bthhfhid - ok 10:21:23.0870 3948 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys 10:21:23.0917 3948 BTHMODEM - ok 10:21:23.0954 3948 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll 10:21:23.0991 3948 bthserv - ok 10:21:24.0009 3948 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:21:24.0034 3948 cdfs - ok 10:21:24.0046 3948 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys 10:21:24.0083 3948 cdrom - ok 10:21:24.0113 3948 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll 10:21:24.0185 3948 CertPropSvc - ok 10:21:24.0207 3948 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys 10:21:24.0257 3948 circlass - ok 10:21:24.0284 3948 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys 10:21:24.0327 3948 CLFS - ok 10:21:24.0387 3948 [ 075CCE75090786F124573A788C8656E6 ] CLVirtualDrive C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 10:21:24.0410 3948 CLVirtualDrive - ok 10:21:24.0424 3948 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys 10:21:24.0462 3948 CmBatt - ok 10:21:24.0520 3948 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys 10:21:24.0565 3948 CNG - ok 10:21:24.0579 3948 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys 10:21:24.0630 3948 CompositeBus - ok 10:21:24.0641 3948 COMSysApp - ok 10:21:24.0667 3948 [ D9CB0782AF819548072AA45B70F8B22D ] condrv 
C:\Windows\system32\drivers\condrv.sys 10:21:24.0702 3948 condrv - ok 10:21:24.0740 3948 [ AFA426B0E7975CEB21F8B6711EFA8945 ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:21:24.0773 3948 CryptSvc - ok 10:21:24.0823 3948 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys 10:21:24.0845 3948 dam - ok 10:21:24.0897 3948 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll 10:21:24.0958 3948 DcomLaunch - ok 10:21:25.0001 3948 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll 10:21:25.0057 3948 defragsvc - ok 10:21:25.0093 3948 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll 10:21:25.0152 3948 DeviceAssociationService - ok 10:21:25.0182 3948 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll 10:21:25.0233 3948 DeviceInstall - ok 10:21:25.0281 3948 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys 10:21:25.0313 3948 Dfsc - ok 10:21:25.0357 3948 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll 10:21:25.0386 3948 Dhcp - ok 10:21:25.0397 3948 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys 10:21:25.0430 3948 discache - ok 10:21:25.0440 3948 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys 10:21:25.0463 3948 disk - ok 10:21:25.0490 3948 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys 10:21:25.0513 3948 dmvsc - ok 10:21:25.0552 3948 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:21:25.0583 3948 Dnscache - ok 10:21:25.0628 3948 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll 10:21:25.0698 3948 dot3svc - ok 10:21:25.0712 3948 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll 10:21:25.0761 3948 DPS - ok 10:21:25.0800 3948 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud 
C:\Windows\system32\drivers\drmkaud.sys 10:21:25.0837 3948 drmkaud - ok 10:21:25.0863 3948 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 10:21:25.0897 3948 DsmSvc - ok 10:21:25.0960 3948 [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:21:26.0051 3948 DXGKrnl - ok 10:21:26.0089 3948 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll 10:21:26.0143 3948 Eaphost - ok 10:21:26.0257 3948 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys 10:21:26.0433 3948 ebdrv - ok 10:21:26.0476 3948 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe 10:21:26.0525 3948 EFS - ok 10:21:26.0571 3948 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 10:21:26.0601 3948 EhStorClass - ok 10:21:26.0630 3948 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 10:21:26.0657 3948 EhStorTcgDrv - ok 10:21:26.0676 3948 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys 10:21:26.0709 3948 ErrDev - ok 10:21:26.0767 3948 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll 10:21:26.0822 3948 EventSystem - ok 10:21:26.0841 3948 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys 10:21:26.0901 3948 exfat - ok 10:21:26.0912 3948 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:21:26.0940 3948 fastfat - ok 10:21:26.0995 3948 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe 10:21:27.0085 3948 Fax - ok 10:21:27.0107 3948 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys 10:21:27.0142 3948 fdc - ok 10:21:27.0178 3948 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll 10:21:27.0237 3948 fdPHost - ok 10:21:27.0262 3948 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub 
C:\Windows\system32\fdrespub.dll 10:21:27.0330 3948 FDResPub - ok 10:21:27.0363 3948 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll 10:21:27.0415 3948 fhsvc - ok 10:21:27.0450 3948 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:21:27.0488 3948 FileInfo - ok 10:21:27.0516 3948 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:21:27.0594 3948 Filetrace - ok 10:21:27.0619 3948 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 10:21:27.0638 3948 flpydisk - ok 10:21:27.0655 3948 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:21:27.0690 3948 FltMgr - ok 10:21:27.0755 3948 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll 10:21:27.0847 3948 FontCache - ok 10:21:27.0894 3948 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:21:27.0920 3948 FontCache3.0.0.0 - ok 10:21:27.0955 3948 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:21:27.0977 3948 FsDepends - ok 10:21:27.0987 3948 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:21:28.0009 3948 Fs_Rec - ok 10:21:28.0067 3948 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:21:28.0111 3948 fvevol - ok 10:21:28.0181 3948 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 10:21:28.0223 3948 FxPPM - ok 10:21:28.0249 3948 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 10:21:28.0271 3948 gagp30kx - ok 10:21:28.0318 3948 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 10:21:28.0388 3948 gencounter - ok 10:21:28.0462 3948 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys 10:21:28.0477 
3948 gfibto - ok 10:21:28.0521 3948 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 10:21:28.0547 3948 GPIOClx0101 - ok 10:21:28.0622 3948 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll 10:21:28.0721 3948 gpsvc - ok 10:21:28.0772 3948 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:21:28.0811 3948 HdAudAddService - ok 10:21:28.0863 3948 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 10:21:28.0912 3948 HDAudBus - ok 10:21:28.0954 3948 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 10:21:29.0024 3948 HidBatt - ok 10:21:29.0084 3948 [ 085F150D002B7F0153D3C06DDF33A143 ] HidBth C:\Windows\System32\drivers\hidbth.sys 10:21:29.0139 3948 HidBth - ok 10:21:29.0178 3948 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 10:21:29.0214 3948 hidi2c - ok 10:21:29.0268 3948 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys 10:21:29.0343 3948 HidIr - ok 10:21:29.0390 3948 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll 10:21:29.0448 3948 hidserv - ok 10:21:29.0490 3948 [ 012C354B4AB48E9A7A657DF39E3A2073 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 10:21:29.0533 3948 HidUsb - ok 10:21:29.0580 3948 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:21:29.0655 3948 hkmsvc - ok 10:21:29.0719 3948 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:21:29.0777 3948 HomeGroupListener - ok 10:21:29.0822 3948 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:21:29.0883 3948 HomeGroupProvider - ok 10:21:29.0996 3948 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 10:21:30.0021 3948 HP Support Assistant Service 
( UnsignedFile.Multi.Generic ) - warning 10:21:30.0021 3948 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 10:21:30.0068 3948 [ D104FF402FC3DDB686E6DEF00334DB26 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 10:21:30.0107 3948 hpdskflt - ok 10:21:30.0229 3948 [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 10:21:30.0281 3948 hpqwmiex - ok 10:21:30.0342 3948 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:21:30.0368 3948 HpSAMD - ok 10:21:30.0899 3948 [ 55FFCBB036D7BE4BCA6FA1421203A27F ] hpsrv C:\Windows\system32\Hpservice.exe 10:21:30.0920 3948 hpsrv - ok 10:21:30.0953 3948 [ F50912B0A861ED396F6062E79C37A4A7 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 10:21:30.0971 3948 HPWMISVC - ok 10:21:31.0065 3948 [ F4A91D985EB9D1D2717D538F3424603C ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:21:31.0109 3948 HTTP - ok 10:21:31.0138 3948 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:21:31.0157 3948 hwpolicy - ok 10:21:31.0179 3948 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 10:21:31.0220 3948 hyperkbd - ok 10:21:31.0237 3948 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 10:21:31.0270 3948 HyperVideo - ok 10:21:31.0281 3948 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 10:21:31.0307 3948 i8042prt - ok 10:21:31.0371 3948 [ 050F2539E14F9D5E90A4B61738EC29BD ] iaStorA C:\Windows\system32\drivers\iaStorA.sys 10:21:31.0410 3948 iaStorA - ok 10:21:31.0438 3948 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:21:31.0478 3948 iaStorV - ok 10:21:31.0577 3948 [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 10:21:31.0653 3948 IconMan_R ( 
UnsignedFile.Multi.Generic ) - warning 10:21:31.0653 3948 IconMan_R - detected UnsignedFile.Multi.Generic (1) 10:21:31.0918 3948 [ 83915E05E168AB63B48302F7DC5D8E00 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 10:21:32.0349 3948 igfx - ok 10:21:32.0388 3948 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:21:32.0410 3948 iirsp - ok 10:21:32.0468 3948 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll 10:21:32.0532 3948 IKEEXT - ok 10:21:32.0557 3948 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys 10:21:32.0577 3948 intelide - ok 10:21:32.0610 3948 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys 10:21:32.0630 3948 intelppm - ok 10:21:32.0652 3948 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:21:32.0692 3948 IpFilterDriver - ok 10:21:32.0754 3948 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:21:32.0800 3948 iphlpsvc - ok 10:21:32.0820 3948 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 10:21:32.0851 3948 IPMIDRV - ok 10:21:32.0883 3948 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:21:32.0923 3948 IPNAT - ok 10:21:32.0948 3948 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:21:32.0989 3948 IRENUM - ok 10:21:33.0011 3948 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:21:33.0032 3948 isapnp - ok 10:21:33.0076 3948 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 10:21:33.0106 3948 iScsiPrt - ok 10:21:33.0117 3948 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 10:21:33.0139 3948 kbdclass - ok 10:21:33.0168 3948 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 10:21:33.0190 3948 kbdhid - ok 
10:21:33.0199 3948 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 10:21:33.0239 3948 kdnic - ok 10:21:33.0264 3948 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe 10:21:33.0286 3948 KeyIso - ok 10:21:33.0316 3948 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:21:33.0342 3948 KSecDD - ok 10:21:33.0392 3948 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:21:33.0423 3948 KSecPkg - ok 10:21:33.0447 3948 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:21:33.0505 3948 ksthunk - ok 10:21:33.0576 3948 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll 10:21:33.0636 3948 KtmRm - ok 10:21:33.0697 3948 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll 10:21:33.0733 3948 LanmanServer - ok 10:21:33.0765 3948 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:21:33.0821 3948 LanmanWorkstation - ok 10:21:33.0849 3948 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:21:33.0897 3948 lltdio - ok 10:21:33.0938 3948 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:21:33.0985 3948 lltdsvc - ok 10:21:34.0010 3948 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:21:34.0046 3948 lmhosts - ok 10:21:34.0092 3948 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:21:34.0119 3948 LSI_SAS - ok 10:21:34.0145 3948 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 10:21:34.0170 3948 LSI_SAS2 - ok 10:21:34.0187 3948 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:21:34.0214 3948 LSI_SCSI - ok 10:21:34.0235 3948 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 10:21:34.0260 3948 
LSI_SSS - ok 10:21:34.0307 3948 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll 10:21:34.0353 3948 LSM - ok 10:21:34.0383 3948 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys 10:21:34.0444 3948 luafv - ok 10:21:34.0472 3948 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys 10:21:34.0495 3948 megasas - ok 10:21:34.0518 3948 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 10:21:34.0557 3948 MegaSR - ok 10:21:34.0649 3948 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 10:21:34.0678 3948 Microsoft Office Groove Audit Service - ok 10:21:34.0715 3948 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll 10:21:34.0740 3948 MMCSS - ok 10:21:34.0763 3948 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys 10:21:34.0811 3948 Modem - ok 10:21:34.0850 3948 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\Windows\System32\drivers\monitor.sys 10:21:34.0878 3948 monitor - ok 10:21:34.0926 3948 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys 10:21:34.0949 3948 mouclass - ok 10:21:34.0980 3948 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\Windows\System32\drivers\mouhid.sys 10:21:35.0013 3948 mouhid - ok 10:21:35.0024 3948 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:21:35.0050 3948 mountmgr - ok 10:21:35.0091 3948 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:21:35.0126 3948 MozillaMaintenance - ok 10:21:35.0170 3948 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:21:35.0208 3948 mpsdrv - ok 10:21:35.0292 3948 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:21:35.0360 3948 MpsSvc 
- ok 10:21:35.0383 3948 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:21:35.0411 3948 MRxDAV - ok 10:21:35.0455 3948 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:21:35.0495 3948 mrxsmb - ok 10:21:35.0531 3948 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:21:35.0559 3948 mrxsmb10 - ok 10:21:35.0594 3948 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:21:35.0637 3948 mrxsmb20 - ok 10:21:35.0667 3948 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 10:21:35.0724 3948 MsBridge - ok 10:21:35.0751 3948 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe 10:21:35.0812 3948 MSDTC - ok 10:21:35.0829 3948 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:21:35.0863 3948 Msfs - ok 10:21:35.0910 3948 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 10:21:35.0932 3948 msgpiowin32 - ok 10:21:35.0953 3948 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:21:35.0977 3948 mshidkmdf - ok 10:21:36.0034 3948 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 10:21:36.0090 3948 mshidumdf - ok 10:21:36.0101 3948 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:21:36.0125 3948 msisadrv - ok 10:21:36.0168 3948 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:21:36.0221 3948 MSiSCSI - ok 10:21:36.0231 3948 msiserver - ok 10:21:36.0255 3948 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:21:36.0296 3948 MSKSSRV - ok 10:21:36.0319 3948 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 10:21:36.0342 3948 MsLldp - ok 10:21:36.0361 3948 [ 99D526E803DB6D7FF290FD98B6204641 ] 
10:21:58.0388 3948 Scan finished
10:21:58.0388 3948 ============================================================
10:21:58.0409 2988 Detected object count: 3
10:21:58.0409 2988 Actual detected object count: 3
10:22:38.0307 2988 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:22:38.0307 2988 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:22:38.0308 2988 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
10:22:38.0308 2988 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:22:38.0311 2988 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
10:22:38.0311 2988 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:55.0391 5316 Deinitialize success
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-27 10:36:09
-----------------------------
10:36:09.629 OS Version: Windows x64 6.2.9200
10:36:09.630 Number of processors: 4 586 0x1001
10:36:09.632 ComputerName: HUGO UserName:
10:36:09.636 Initialze error 1
10:36:48.046 AVAST engine defs: 13072700
10:36:57.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
10:36:57.885 Disk 0 Vendor: ST750LM022_HN-M750MBB 2AR10002 Size: 715404MB BusType: 11
10:36:57.921 Disk 0 MBR read successfully
10:36:57.926 Disk 0 MBR scan
10:36:57.954 Disk 0 unknown MBR code
10:36:57.959 Disk 0 Partition 1 00 EE GPT 715404 MB offset 1
10:36:57.970 Disk 0 scanning C:\Windows\system32\drivers
10:36:57.975 Service scanning
10:36:58.581 Modules scanning
10:36:58.588 Disk 0 trace - called modules:
10:36:58.600 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:36:58.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006401060]
10:36:58.616 3 CLASSPNP.SYS[fffff880013acfea] -> nt!IofCallDriver -> [0xfffffa8006373b10]
10:36:58.629 5 hpdskflt.sys[fffff88001a78379] -> nt!IofCallDriver -> [0xfffffa8006354b20]
10:36:58.638 7 amd_xata.sys[fffff88001314634] -> nt!IofCallDriver -> \Device\0000002d[0xfffffa80064247f0]
10:36:58.648 AVAST engine scan C:\Windows
10:36:58.657 AVAST engine scan C:\Windows\system32
10:36:58.668 AVAST engine scan C:\Windows\system32\drivers
10:36:58.678 AVAST engine scan C:\Users\Alina
10:36:58.687 AVAST engine scan C:\ProgramData
10:36:58.697 Scan finished successfully
10:37:26.865 Disk 0 MBR has been saved successfully to "C:\Users\Alina\Desktop\MBR.dat"
10:37:26.878 The log file has been saved successfully to "C:\Users\Alina\Desktop\aswMBR.txt" |
27.07.2013, 10:00 | #4 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2
3. FRST
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013 Ran by Alina (administrator) on 27-07-2013 10:41:35 Running from C:\Users\Alina\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (AMD) C:\Windows\system32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKCU\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKCU\...\Run: [icq] - C:\Users\Alina\AppData\Roaming\ICQM\icq.exe [26606072 2012-12-29] (ICQ) HKCU\...\Run: [lvaira] - C:\Users\Alina\AppData\Roaming\duser4.exe [x] MountPoints2: {8ad84c6b-0eff-11e2-be72-806e6f6e6963} - "E:\Autorun.exe" HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft) HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x] HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x] Startup: C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {28A1AFBC-2A66-4FD6-8237-7EAF11857F60} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {28A1AFBC-2A66-4FD6-8237-7EAF11857F60} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {28A1AFBC-2A66-4FD6-8237-7EAF11857F60} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {6B256ACA-6715-4045-8F5A-7755E5A890B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=109a62ca-bd2e-4093-b0e6-e8913a747005&apn_sauid=D51E9A8E-3C3C-4332-B902-D818F4DB60B2 SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default FF SelectedSearchEngine: SecureSearch FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Ad-Aware Security Add-on - C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} Chrome: ======= CHR HomePage: "homepage": "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5", CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5" CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Alina\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.13.0.crx CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG) R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-26] (GFI Software) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [x] U3 aswMBR; \??\C:\Users\Alina\AppData\Local\Temp\aswMBR.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-27 10:41 - 2013-07-27 10:41 - 00000000 ____D C:\FRST 2013-07-27 10:40 - 2013-07-27 10:40 - 01780407 _____ (Farbar) C:\Users\Alina\Downloads\FRST64.exe 2013-07-27 10:37 - 2013-07-27 10:37 - 00001895 _____ C:\Users\Alina\Desktop\aswMBR.txt 2013-07-27 10:37 - 2013-07-27 10:37 - 00000512 _____ C:\Users\Alina\Desktop\MBR.dat 2013-07-27 10:26 - 2013-07-27 10:29 - 04745728 _____ (AVAST Software) C:\Users\Alina\Downloads\aswMBR.exe 2013-07-27 10:18 - 2013-07-27 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Alina\Desktop\tdsskiller.exe 2013-07-27 10:17 - 2013-07-27 10:17 - 00793536 _____ C:\Users\Alina\Downloads\ZipOpenerSetup.exe 2013-07-26 23:56 - 2013-07-27 10:32 - 00192364 _____ C:\Windows\WindowsUpdate.log 2013-07-26 23:51 - 2013-07-26 23:51 - 00001683 _____ C:\AdwCleaner[R6].txt 2013-07-26 23:42 - 2013-07-26 23:42 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-07-26 23:42 - 2013-07-26 23:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-26 23:42 - 2013-07-26 23:42 - 00000000 ____D C:\Program Files\CCleaner 2013-07-26 23:41 - 2013-07-26 23:41 - 04429440 _____ (Piriform Ltd) C:\Users\Alina\Downloads\ccsetup404.exe 2013-07-26 23:39 - 2013-07-26 23:40 - 00001623 _____ C:\AdwCleaner[R5].txt 2013-07-26 23:11 - 2013-07-26 23:11 - 00001563 _____ C:\AdwCleaner[R4].txt 2013-07-26 23:06 - 2013-07-26 23:06 - 00001505 _____ C:\AdwCleaner[S4].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00001443 _____ C:\AdwCleaner[R3].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00000306 _____ C:\AdwCleaner[S3].txt 2013-07-26 22:58 - 2013-07-26 22:58 - 00001324 _____ C:\AdwCleaner[R2].txt 2013-07-26 22:51 - 2013-07-26 22:52 - 00001266 _____ C:\AdwCleaner[S2].txt 2013-07-26 22:43 - 2013-07-26 22:44 - 00012962 
_____ C:\AdwCleaner[S1].txt 2013-07-26 22:42 - 2013-07-26 22:42 - 00666633 _____ C:\Users\Alina\Downloads\adwcleaner06.exe 2013-07-26 22:42 - 2013-07-26 22:42 - 00013462 _____ C:\AdwCleaner[R1].txt 2013-07-26 22:31 - 2013-07-26 22:31 - 00004450 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\Users\Alina\AppData\Roaming\LavasoftStatistics 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-07-26 22:27 - 2013-07-26 22:27 - 00000000 ____D C:\Users\Alina\AppData\Local\adawarebp 2013-07-26 22:26 - 2013-07-27 09:51 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-07-26 22:25 - 2013-07-26 22:31 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Lavasoft 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-07-26 22:24 - 2013-07-26 22:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-07-26 22:22 - 2013-07-26 23:36 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Ad-Aware Antivirus 2013-07-26 22:22 - 2013-07-26 22:22 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-07-26 22:22 - 2013-07-26 22:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-26 22:21 - 2013-07-26 22:22 - 05616264 _____ (Lavasoft Limited) C:\Users\Alina\Downloads\adaware_installer.exe 2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Alina\AppData\Local\PDF24 2013-07-26 12:35 - 2013-07-26 12:35 - 00003790 _____ C:\Windows\System32\Tasks\QtraxPlayer 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-26 12:32 - 2013-07-26 12:42 - 00000000 ____D 
C:\Program Files\PDFCreator 2013-07-26 12:32 - 2013-07-26 12:32 - 00003498 _____ C:\Windows\System32\Tasks\DealPly 2013-07-26 12:32 - 2013-07-26 12:32 - 00002634 _____ C:\Windows\System32\Tasks\DSite 2013-07-26 12:32 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files (x86)\GPLGS 2013-07-26 12:30 - 2013-07-26 20:09 - 00000000 ____D C:\Users\Alina\Desktop\Benteler 2013-07-25 19:21 - 2013-07-26 16:53 - 00000000 ____D C:\Users\Alina\AppData\Roaming\IrfanView 2013-07-24 08:50 - 2013-07-24 08:51 - 00446984 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-22 10:25 - 2013-07-22 10:25 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 14:38 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-10 14:38 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 14:37 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 14:37 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 14:37 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 14:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 14:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-10 14:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 14:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 14:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-10 14:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 14:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 14:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 14:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 14:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 14:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 14:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 14:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 14:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-10 14:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 14:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-10 14:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 14:36 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 14:36 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-04 20:20 - 2013-07-04 20:20 - 00000326 _____ C:\Users\Alina\Desktop\HP Druckerdiagnosetools.url 2013-07-03 14:44 - 2013-07-26 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-29 09:59 - 2013-06-29 09:59 - 00000303 _____ C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk 2013-06-27 18:26 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll ==================== One Month Modified Files and Folders ======= 2013-07-27 10:41 - 2013-07-27 10:41 - 00000000 ____D C:\FRST 2013-07-27 10:40 - 2013-07-27 10:40 - 01780407 _____ (Farbar) C:\Users\Alina\Downloads\FRST64.exe 2013-07-27 10:37 - 2013-07-27 10:37 - 00001895 _____ 
C:\Users\Alina\Desktop\aswMBR.txt 2013-07-27 10:37 - 2013-07-27 10:37 - 00000512 _____ C:\Users\Alina\Desktop\MBR.dat 2013-07-27 10:32 - 2013-07-26 23:56 - 00192364 _____ C:\Windows\WindowsUpdate.log 2013-07-27 10:29 - 2013-07-27 10:26 - 04745728 _____ (AVAST Software) C:\Users\Alina\Downloads\aswMBR.exe 2013-07-27 10:18 - 2013-07-27 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Alina\Desktop\tdsskiller.exe 2013-07-27 10:17 - 2013-07-27 10:17 - 00793536 _____ C:\Users\Alina\Downloads\ZipOpenerSetup.exe 2013-07-27 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2013-07-27 09:59 - 2012-12-19 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-27 09:56 - 2012-11-29 17:58 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002 2013-07-27 09:51 - 2013-07-26 22:26 - 00001868 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-07-27 09:50 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe 2013-07-27 08:58 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-07-26 23:51 - 2013-07-26 23:51 - 00001683 _____ C:\AdwCleaner[R6].txt 2013-07-26 23:45 - 2013-02-11 13:59 - 00000000 ____D C:\Windows\Minidump 2013-07-26 23:45 - 2012-08-04 01:21 - 00000000 ____D C:\Windows\Panther 2013-07-26 23:42 - 2013-07-26 23:42 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-07-26 23:42 - 2013-07-26 23:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-26 23:42 - 2013-07-26 23:42 - 00000000 ____D C:\Program Files\CCleaner 2013-07-26 23:41 - 2013-07-26 23:41 - 04429440 _____ (Piriform Ltd) C:\Users\Alina\Downloads\ccsetup404.exe 2013-07-26 23:40 - 2013-07-26 23:39 - 00001623 _____ C:\AdwCleaner[R5].txt 2013-07-26 23:37 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-26 23:36 - 2013-07-26 22:22 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Ad-Aware Antivirus 2013-07-26 23:11 - 2013-07-26 23:11 - 00001563 
_____ C:\AdwCleaner[R4].txt 2013-07-26 23:06 - 2013-07-26 23:06 - 00001505 _____ C:\AdwCleaner[S4].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00001443 _____ C:\AdwCleaner[R3].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00000306 _____ C:\AdwCleaner[S3].txt 2013-07-26 22:58 - 2013-07-26 22:58 - 00001324 _____ C:\AdwCleaner[R2].txt 2013-07-26 22:52 - 2013-07-26 22:51 - 00001266 _____ C:\AdwCleaner[S2].txt 2013-07-26 22:45 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-07-26 22:44 - 2013-07-26 22:43 - 00012962 _____ C:\AdwCleaner[S1].txt 2013-07-26 22:42 - 2013-07-26 22:42 - 00666633 _____ C:\Users\Alina\Downloads\adwcleaner06.exe 2013-07-26 22:42 - 2013-07-26 22:42 - 00013462 _____ C:\AdwCleaner[R1].txt 2013-07-26 22:31 - 2013-07-26 22:31 - 00004450 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\Users\Alina\AppData\Roaming\LavasoftStatistics 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-07-26 22:31 - 2013-07-26 22:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-26 22:27 - 2013-07-26 22:27 - 00000000 ____D C:\Users\Alina\AppData\Local\adawarebp 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Lavasoft 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-07-26 22:25 - 2013-07-03 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-26 22:24 - 2013-07-26 22:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-07-26 22:22 - 2013-07-26 22:22 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe 2013-07-26 22:22 - 2013-07-26 22:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-26 22:22 - 2013-07-26 22:21 - 05616264 _____ (Lavasoft Limited) C:\Users\Alina\Downloads\adaware_installer.exe 
2013-07-26 20:09 - 2013-07-26 12:30 - 00000000 ____D C:\Users\Alina\Desktop\Benteler 2013-07-26 17:33 - 2012-11-29 18:08 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-26 17:23 - 2012-11-29 18:13 - 00000000 ____D C:\Program Files\Google 2013-07-26 17:00 - 2012-12-21 14:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-26 16:59 - 2012-10-05 15:30 - 00000000 ____D C:\ProgramData\Qualcomm Atheros 2013-07-26 16:59 - 2012-10-05 15:30 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2013-07-26 16:53 - 2013-07-25 19:21 - 00000000 ____D C:\Users\Alina\AppData\Roaming\IrfanView 2013-07-26 16:53 - 2013-02-11 21:25 - 00000000 ____D C:\Users\Alina\AppData\Local\DoNotTrackPlus 2013-07-26 16:53 - 2012-11-29 18:08 - 00000000 ____D C:\Users\Alina\AppData\Local\Google 2013-07-26 16:50 - 2012-11-29 17:46 - 00000000 ____D C:\Users\Alina 2013-07-26 15:51 - 2012-12-28 18:48 - 00757760 ___SH C:\Users\Alina\Desktop\Thumbs.db 2013-07-26 15:06 - 2013-02-11 21:01 - 00000000 ____D C:\Users\Alina\Desktop\Arbeit 2013-07-26 13:43 - 2012-12-21 14:12 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Alina\AppData\Local\PDF24 2013-07-26 12:42 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files\PDFCreator 2013-07-26 12:35 - 2013-07-26 12:35 - 00003790 _____ C:\Windows\System32\Tasks\QtraxPlayer 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-26 12:32 - 2013-07-26 12:32 - 00003498 _____ C:\Windows\System32\Tasks\DealPly 2013-07-26 12:32 - 2013-07-26 12:32 - 00002634 _____ C:\Windows\System32\Tasks\DSite 2013-07-26 12:32 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files (x86)\GPLGS 2013-07-25 15:44 - 2012-08-24 22:07 - 00830120 _____ C:\Windows\system32\perfh007.dat 2013-07-25 15:44 - 2012-08-24 22:07 - 00188224 _____ 
C:\Windows\system32\perfc007.dat 2013-07-25 15:44 - 2012-07-26 09:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-24 08:51 - 2013-07-24 08:50 - 00446984 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-24 08:51 - 2013-03-09 17:09 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForAlina.job 2013-07-23 08:31 - 2013-02-11 20:58 - 00003810 _____ C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar 2013-07-22 10:25 - 2013-07-22 10:25 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-12 17:38 - 2013-03-09 17:09 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlina 2013-07-11 20:17 - 2012-11-30 21:57 - 00000000 ____D C:\Users\Alina\AppData\Roaming\HpUpdate 2013-07-10 16:17 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2012-12-28 17:21 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 16:05 - 2012-12-08 17:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-07 11:55 - 2012-11-29 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-04 20:20 - 2013-07-04 20:20 - 00000326 _____ C:\Users\Alina\Desktop\HP Druckerdiagnosetools.url 2013-06-29 18:28 - 2013-02-11 21:01 - 00000000 ____D C:\Users\Alina\Desktop\Schule 2013-06-29 09:59 - 2013-06-29 09:59 - 00000303 _____ C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk 2013-06-28 18:40 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-06-28 00:04 - 2013-02-02 11:12 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-02-02 11:12 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-27 10:53 - 2013-05-07 20:38 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-21 11:28 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2013 Ran by Alina at 2013-07-27 10:42:28 Running from C:\Users\Alina\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Ad-Aware Antivirus (x32 Version: 10.5.3.4405) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635) AMD Accelerated Video Transcoding (Version: 12.5.100.20808) AMD APP SDK Runtime (Version: 10.0.938.2) AMD Fuel (Version: 2012.0808.1024.16666) AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666) Avira Free Antivirus (x32 Version: 13.0.0.3884) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666) Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666) Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666) CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666) CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666) CCC Help Czech (x32 Version: 2012.0808.1023.16666) CCC Help Danish (x32 Version: 2012.0808.1023.16666) CCC Help Dutch (x32 Version: 2012.0808.1023.16666) CCC Help English (x32 Version: 2012.0808.1023.16666) CCC Help Finnish (x32 Version: 2012.0808.1023.16666) CCC Help French (x32 Version: 2012.0808.1023.16666) CCC Help German (x32 Version: 2012.0808.1023.16666) CCC Help Greek (x32 Version: 2012.0808.1023.16666) CCC Help Hungarian (x32 Version: 2012.0808.1023.16666) CCC Help Italian (x32 Version: 2012.0808.1023.16666) CCC Help Japanese (x32 Version: 2012.0808.1023.16666) CCC Help Korean (x32 Version: 2012.0808.1023.16666) CCC Help Norwegian (x32 Version: 2012.0808.1023.16666) CCC Help Polish (x32 Version: 2012.0808.1023.16666) CCC Help Portuguese (x32 Version: 
2012.0808.1023.16666) CCC Help Russian (x32 Version: 2012.0808.1023.16666) CCC Help Spanish (x32 Version: 2012.0808.1023.16666) CCC Help Swedish (x32 Version: 2012.0808.1023.16666) CCC Help Thai (x32 Version: 2012.0808.1023.16666) CCC Help Turkish (x32 Version: 2012.0808.1023.16666) ccc-utility64 (Version: 2012.0808.1024.16666) Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0) CyberLink LabelPrint (x32 Version: 2.5.1.5407) CyberLink Media Suite 10 (x32 Version: 10.0.1.1916) CyberLink PhotoDirector (x32 Version: 2.0.1.3119) CyberLink Power2Go 8 (x32 Version: 8.0.1.1926) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925) CyberLink PowerDVD (x32 Version: 10.0.6.4319) CyberLink YouCam (x32 Version: 3.5.4.5527) D3DX10 (x32 Version: 15.4.2368.0902) Derive 6 (x32 Version: 6.1) Die Sims™ 3 (x32 Version: 1.50.56) Die Sims™ 3 Wildes Studentenleben (x32 Version: 18.0.126) eaner (Version: 4.04) Energy Star (Version: 1.0.8) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP 3D DriveGuard (Version: 4.2.9.1) HP Connected Music (Meridian - installer) (x32 Version: v1.0) HP CoolSense (x32 Version: 2.10.51) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Deskjet 3520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0) HP Deskjet 3520 series Hilfe (x32 Version: 27.0.0) HP Deskjet 3520 series Setup Guide (x32 Version: 27.0.0) HP Documentation (x32 Version: 1.1.0.0) HP FWUpdateEDO2 (x32 Version: 1.2.0.0) HP Photo Creations (x32 Version: 1.0.0.7702) HP Postscript Converter (Version: 3.1.3554) HP Quick Launch (x32 Version: 3.0.3) HP Recovery Manager (x32 Version: 7.00) HP Registration Service (Version: 1.0.5976.4186) HP Software Framework (x32 Version: 4.6.10.1) HP Support Assistant (x32 Version: 7.0.39.15) HP Update (x32 Version: 5.003.003.001) HP Utility Center (x32 Version: 1.0.7) HP Wireless Button Driver (x32 Version: 1.0.6.1) HPDiagnosticAlert (x32 Version: 1.00.0000) ICQ 8.0 (build 5981, für aktuellen 
Benutzer) (HKCU Version: 8.0.5981.0) IDT Audio (x32 Version: 1.0.6417.0) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 14.0.6120.5004) Microsoft Office 2007 Service Pack 3 (SP3) (x32) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Project 2007 Service Pack 3 (SP3) (x32) Microsoft Office Project MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Project Professional 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32) Microsoft Office Visio MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) Microsoft Silverlight 
(Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works 6-9 Converter (x32 Version: 14.0.6120.5002) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) Origin (x32 Version: 9.0.14.2148) Qualcomm Atheros Driver Installation Program (x32 Version: 10.0) Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012) Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029) Studie zur Verbesserung von HP Deskjet 3520 series Produkten (Version: 28.0.1315.0) swMSM (x32 Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 16.2.10.12) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) Update for 
Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32) Update für Microsoft Office Excel 2007 Help (KB963678) (x32) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update für Microsoft Office Word 2007 Help (KB963665) (x32) Vektoris3D 2.5 PLUS 2.5.2 (x32 Version: 2.5.2) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) ==================== Restore Points ========================= 10-07-2013 13:58:34 Windows Update 12-07-2013 14:28:15 HPSF Applying updates 12-07-2013 14:28:16 HPSF Applying updates 21-07-2013 09:42:13 Geplanter Prüfpunkt 26-07-2013 13:09:31 HPSF Applying updates ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0DCA64AF-5799-4078-B8D3-2AA8D9095112} - System32\Tasks\HPCeeScheduleForAlina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe 
[2010-09-13] (Hewlett-Packard) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {164CB511-0130-48AF-9544-ADD29B9C02A6} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-500 Task: {16B551D6-AB62-46A9-95EB-42D89A27D70B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1A2655F9-5184-41F0-9CCB-B83DCD17DBC9} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {1D316103-C2AE-4B4B-99CA-5E009B3A42DE} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {22F4AD67-A858-4A51-9C84-FCC4FCE5FA13} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation) Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => 
C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {4376A0AF-9FB4-446A-9351-E44BC37AE4CD} - System32\Tasks\DSite => C:\Users\Alina\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4E5A2747-69DC-46FE-8DD9-C62873686440} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-16] (Hewlett-Packard) Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C297B45-5967-4FFA-A3FF-96C388E78FE3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot 
Required Task: {5CA2B887-A184-4740-B56E-3674EA294E22} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File Task: {601BFEB7-576F-47C3-AE5C-53F6B2D1D15E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {798AAB49-4BCC-4783-95EE-7EE64682E4AD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {8476B324-8849-4195-84AC-E30CE7EE68FA} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation) Task: {862F5F49-F73E-46E2-A5AB-2478BC1885E6} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited) Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {8A6E0FCB-7BFF-4D9D-9752-4AA8EA65F8ED} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - 
System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {963EF0EE-B5BE-4837-88D6-2097FF47DD4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {9CC91B03-DCF8-478E-92BD-3ACC86AB2855} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {A0DE1086-A700-4FEC-A0E7-B75756069F1F} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002 Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B14DDFE8-F79C-4C84-8FDE-50C984069342} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {B9F43F86-6EA4-401E-ACA6-831FE778E41F} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2839774926-952813331-1360698075-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: 
{C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D33FBFDB-203A-4C17-BAE8-7FC6687A248E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company) Task: {D480D1AD-D339-4D52-AACF-9E7789506D64} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {D6EF41FA-81D5-429C-974C-BFC90AC033A8} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E3136020-ACF2-47D8-A5A0-74F580E829C2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation) Task: 
{ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F802DD0D-F201-4D8F-AE4B-1BC34822E053} - System32\Tasks\DealPly => C:\Users\Alina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File Task: {FF9D05A0-EA15-43DD-A120-2579A5FA6883} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForAlina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2013 10:34:26 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000618d0 ID des fehlerhaften Prozesses: 0x1090 Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0 Pfad der fehlerhaften Anwendung: aswMBR.exe1 Pfad des fehlerhaften Moduls: aswMBR.exe2 Berichtskennung: aswMBR.exe3 Vollständiger Name des fehlerhaften Pakets: aswMBR.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: aswMBR.exe5 Error: (07/27/2013 10:06:59 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (07/27/2013 09:26:06 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15569 Error: (07/27/2013 09:26:06 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15569 Error: (07/27/2013 09:26:06 AM) (Source: Bonjour Service) (User: ) 
Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/27/2013 09:25:51 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (07/27/2013 08:51:18 AM) (Source: ESENT) (User: ) Description: taskhostex (2540) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Alina\AppData\Local\Microsoft\Windows\WebCache\V01001D3.log. Error: (07/27/2013 00:03:03 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU Client event error Error: (07/27/2013 00:01:55 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16604, Zeitstempel: 0x5184a60b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000a43e6 ID des fehlerhaften Prozesses: 0xa20 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5 Error: (07/26/2013 11:09:28 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16433 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: a20 Startzeit: 01ce8a4424ff5d29 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 99740239-f637-11e2-bea3-843497723b14 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (07/26/2013 11:37:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 11:07:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 10:53:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 10:46:23 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 08:14:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 05:39:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2013 05:24:24 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 26.07.2013 um 16:57:12 unerwartet heruntergefahren. Error: (07/26/2013 00:42:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WebCakeUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (07/25/2013 09:33:55 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/25/2013 09:33:55 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (03/09/2013 08:32:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 339 seconds with 300 seconds of active time. This session ended with a crash. Error: (01/18/2013 11:14:01 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 338 seconds with 300 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-07-27 10:41:04.838 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:40:59.765 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:37:28.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:36:07.427 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-07-27 10:35:25.783 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:29:50.478 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:29:47.248 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:29:40.848 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:29:38.626 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-07-27 10:19:04.715 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 5602.26 MB Available physical RAM: 4092.12 MB Total Pagefile: 11234.26 MB Available Pagefile: 9362.93 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:681.45 GB) (Free:617.83 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.42 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Sims3EP09) (CDROM) (Total:5.21 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: B726B7B9) Partition: GPT Partition Type ==================== End Of Log ============================ |
27.07.2013, 14:41 | #5 | |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2 Quote:
Uninstall Ad-Aware - it will do absolutely nothing for you here. Let's try to remove this:
Step 1: (Reminder: reply to me only once you have worked through all the steps!) Fix with FRST
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
2013-07-26 12:32 - 2013-07-26 12:32 - 00003498 _____ C:\Windows\System32\Tasks\DealPly
2013-07-26 12:32 - 2013-07-26 12:32 - 00002634 _____ C:\Windows\System32\Tasks\DSite
2013-07-26 22:22 - 2013-07-26 22:21 - 05616264 _____ (Lavasoft Limited) C:\Users\Alina\Downloads\adaware_installer.exe
2013-07-27 09:56 - 2012-11-29 17:58 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002
2013-07-27 10:17 - 2013-07-27 10:17 - 00793536 _____ C:\Users\Alina\Downloads\ZipOpenerSetup.exe
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
C:\ProgramData\Search Protection
SearchScopes: HKCU - {6B256ACA-6715-4045-8F5A-7755E5A890B7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=109a62ca-bd2e-4093-b0e6-e8913a747005&apn_sauid=D51E9A8E-3C3C-4332-B902-D818F4DB60B2
Step 2: Browser reset with ZOEK
Attention! Back up your bookmarks and personal settings first! Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Step 3: Control scan with FRST
Run a scan with FRST as described before. Only an FRST.txt will be created. Post it for me.
__________________ Digital freebooters against malware! No help via PM! |
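The fix list in the post above targets scheduled tasks that the earlier FRST scan showed pointing at missing adware updaters. As an added example (not part of the thread and not FRST's own logic), the sketch below parses `Task:` lines in the format of that scan log and flags them with two assumed triage heuristics: a target marked `No File`, and a target under a user's `AppData` directory. The sample lines are copied from the scan log earlier in this thread; all function and class names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Sample lines copied from the FRST "Scheduled Tasks" section posted earlier in this thread.
SAMPLE_LOG = r"""
Task: {0DCA64AF-5799-4078-B8D3-2AA8D9095112} - System32\Tasks\HPCeeScheduleForAlina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {4376A0AF-9FB4-446A-9351-E44BC37AE4CD} - System32\Tasks\DSite => C:\Users\Alina\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {5CA2B887-A184-4740-B56E-3674EA294E22} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {963EF0EE-B5BE-4837-88D6-2097FF47DD4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {F802DD0D-F201-4D8F-AE4B-1BC34822E053} - System32\Tasks\DealPly => C:\Users\Alina\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# "Task: {GUID} - <task name>" with an optional " => <target>" part.
# Legacy .job entries carry no GUID, so that group is optional.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<task>.+?)(?: => (?P<target>.+))?$"
)

# Target: "<path>", then either the "No File" marker or "[date] (vendor)".
TARGET_RE = re.compile(
    r"^(?P<path>.+?)(?P<nofile> No File)?"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<vendor>.*)\))?)?$"
)

# Assumed heuristic: executables scheduled from a per-user AppData directory.
USER_APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


class Task(NamedTuple):
    guid: Optional[str]
    name: str
    path: Optional[str]    # None when the log line lists no executable
    missing: bool          # True when the log marks the target as "No File"
    vendor: Optional[str]


def parse_tasks(log: str) -> List[Task]:
    """Parse every 'Task:' line of a scan log; other lines are ignored."""
    tasks = []
    for line in log.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        path, vendor, missing = None, None, False
        if m.group("target"):
            t = TARGET_RE.match(m.group("target"))
            path = t.group("path")
            missing = t.group("nofile") is not None
            vendor = t.group("vendor")
        tasks.append(Task(m.group("guid"), m.group("task"), path, missing, vendor))
    return tasks


def triage(task: Task) -> List[str]:
    """Return the reasons a task deserves manual review (empty list = none)."""
    reasons = []
    if task.missing:
        reasons.append("orphaned: target binary no longer exists")
    if task.path and USER_APPDATA_RE.search(task.path):
        reasons.append("target runs from a user-writable AppData directory")
    return reasons


def review(log: str) -> Dict[str, List[str]]:
    """Map task name -> reasons, for flagged tasks only, in log order."""
    findings = {}
    for task in parse_tasks(log):
        reasons = triage(task)
        if reasons:
            findings[task.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged task is a candidate for manual review, not proof of malware: legitimate per-user updaters also run from `AppData`, and a `No File` target may simply be left over from an ordinary uninstall.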
27.07.2013, 15:03 | #6 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2 Thanks a lot already. I created the file and wanted to start FRST now. Then I was told that I had better download a current version. That led me to this link: Downloading Farbar Recovery Scan Tool. There I was only told that it is not downloaded often and can cause damage to the computer. Run it anyway? |
27.07.2013, 16:53 | #7 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2 If it is the right file ... yes.
__________________ Digital freebooters against malware! No help via PM! |
27.07.2013, 17:02 | #8 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2 I have tried that now, but something is not working: every time I open it, it sends me to the link and wants to download it, and after every update it says that it would need to be updated again. So I will do it with the "old" version now? Is that OK? |
27.07.2013, 18:32 | #9 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2 Yes, sure.
__________________ Digital freebooters against malware! No help via PM! |
27.07.2013, 19:12 | #10 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2 Thank you very much for your patience so far, I am always a bit unsure about this. 1. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013 Ran by Alina at 2013-07-27 19:40:10 Run:1 Running from C:\Users\Alina\Desktop Boot Mode: Normal ============================================== C:\Windows\System32\Tasks\DealPly => Moved successfully. C:\Windows\System32\Tasks\DSite => Moved successfully. "C:\Users\Alina\Downloads\adaware_installer.exe" => File/Directory not found. C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002 => Moved successfully. "C:\Users\Alina\Downloads\ZipOpenerSetup.exe" => File/Directory not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value deleted successfully. "C:\ProgramData\Search Protection" => File/Directory not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B256ACA-6715-4045-8F5A-7755E5A890B7} => Key deleted successfully. HKCR\CLSID\{6B256ACA-6715-4045-8F5A-7755E5A890B7} => Key not found. ==== End of Fixlog ==== Code:
Zoek.exe Version 4.0.0.4 Updated 26-07-2013
Tool run by Alina on 27.07.2013 at 19:45:52,09.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alina\Downloads\zoek.exe [Checkboxes used]

==== System Restore Info ======================
27.07.2013 19:47:59 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2839774926-952813331-1360698075-1002\Software\Microsoft\Internet Explorer\SearchScopes\{28A1AFBC-2A66-4FD6-8237-7EAF11857F60} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
Deleted from C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5");
user_pref("browser.search.selectedEngine", "SecureSearch");

Added to C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\96qwt4qp.default\prefs.js:

Added to C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\96qwt4qp.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default
user.js not found
---- Lines securedsearch removed from prefs.js ----
---- Lines securedsearch modified from prefs.js ----
---- Lines SecureSearch removed from prefs.js ----
---- Lines SecureSearch modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1953_.backup

ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\96qwt4qp.default
user.js not found
---- Lines securedsearch removed from prefs.js ----
---- Lines securedsearch modified from prefs.js ----
---- Lines SecureSearch removed from prefs.js ----
---- Lines SecureSearch modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================
"C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar" deleted
"C:\Users\Alina\AppData\Local\adawarebp" deleted

==== Firefox Extensions ======================
ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default
- Ad-Aware Security Add-on - %ProfilePath%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

==== Firefox Plugins ======================
Profilepath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Deleting Files \ Folders ======================
"C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}" deleted

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaabfjnbeinlpljodiajipidiompfl - C:\Users\Alina\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.13.0.crx[]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx[]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=6F80B6776684E8F1C132DB51F2DB07B5"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4"
{FFEBBF0A-C22C-4172-89FF-45215A135AC7} ?????@Mail.Ru Url="hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb"

==== Reset Google Chrome ======================
C:\users\Alina\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Alina\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================
C:\Users\Alina\Desktop\Excel.lnk - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Alina\Desktop\Powerpoint.lnk - C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\Alina\Desktop\Visio.lnk - C:\Program Files (x86)\Microsoft Office\Office12\VISIO.EXE
C:\Users\Alina\Desktop\Word.lnk - C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Alina\Desktop\Benteler\Ecclesia\Lebenslauf - Verknüpfung.lnk -

==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Derive 6.lnk - C:\Program Files (x86)\TI Education\Derive 6\Derive6.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts in Users Start Menu ======================
C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk -
C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk -

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Utility Center.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe
C:\Users\Alina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\users\Alina\AppData\Local\Mozilla\Firefox\Profiles\45eydpsi.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\users\Alina\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Alina\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on 27.07.2013 at 19:57:19,04 ======================

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013
Ran by Alina (administrator) on 27-07-2013 20:01:37
Running from C:\Users\Alina\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKCU\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [icq] - C:\Users\Alina\AppData\Roaming\ICQM\icq.exe [26606072 2012-12-29] (ICQ)
HKCU\...\Run: [lvaira] - C:\Users\Alina\AppData\Roaming\duser4.exe [x]
MountPoints2: {8ad84c6b-0eff-11e2-be72-806e6f6e6963} - "E:\Autorun.exe"
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
Startup: C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series (Netzwerk).lnk

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\45eydpsi.default
FF NewTab: hxxp://www.google.com/
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-06-27] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-26] (GFI Software)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-27 19:59 - 2013-07-27 20:01 - 00000000 ____D C:\Users\Alina\AppData\Local\adawarebp
2013-07-27 19:55 - 2013-07-27 19:45 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-27 19:53 - 2013-07-27 19:57 - 00000000 ____D C:\zoek
2013-07-27 19:47 - 2013-07-27 19:57 - 00011840 _____ C:\zoek-results.log
2013-07-27 19:41 - 2013-07-27 19:41 - 01275420 _____ C:\Users\Alina\Downloads\zoek.exe
2013-07-27 19:41 - 2013-07-27 19:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002
2013-07-27 15:50 - 2013-07-27 19:56 - 00001162 _____ C:\Windows\PFRO.log
2013-07-27 10:42 - 2013-07-27 10:42 - 00030062 _____ C:\Users\Alina\Desktop\Addition.txt
2013-07-27 10:41 - 2013-07-27 10:41 - 00000000 ____D C:\FRST
2013-07-27 10:40 - 2013-07-27 10:40 - 01780407 _____ (Farbar) C:\Users\Alina\Desktop\FRST64.exe
2013-07-27 10:37 - 2013-07-27 10:37 - 00001895 _____ C:\Users\Alina\Desktop\aswMBR.txt
2013-07-27 10:37 - 2013-07-27 10:37 - 00000512 _____ C:\Users\Alina\Desktop\MBR.dat
2013-07-27 10:26 - 2013-07-27 10:29 - 04745728 _____ (AVAST Software) C:\Users\Alina\Downloads\aswMBR.exe
2013-07-27 10:18 - 2013-07-27 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Alina\Desktop\tdsskiller.exe
2013-07-26 23:56 - 2013-07-27 19:49 - 00326142 _____ C:\Windows\WindowsUpdate.log
2013-07-26 23:51 - 2013-07-26 23:51 - 00001683 _____ C:\AdwCleaner[R6].txt
2013-07-26 23:42 - 2013-07-26 23:42 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-07-26 23:42 - 2013-07-26 23:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-26 23:42 - 2013-07-26 23:42 - 00000000 ____D C:\Program Files\CCleaner
2013-07-26 23:41 - 2013-07-26 23:41 - 04429440 _____ (Piriform Ltd) C:\Users\Alina\Downloads\ccsetup404.exe
2013-07-26 23:39 - 2013-07-26 23:40 - 00001623 _____ C:\AdwCleaner[R5].txt
2013-07-26 23:11 - 2013-07-26 23:11 - 00001563 _____ C:\AdwCleaner[R4].txt
2013-07-26 23:06 - 2013-07-26 23:06 - 00001505 _____ C:\AdwCleaner[S4].txt
2013-07-26 23:05 - 2013-07-26 23:05 - 00001443 _____ C:\AdwCleaner[R3].txt
2013-07-26 23:05 - 2013-07-26 23:05 - 00000306 _____ C:\AdwCleaner[S3].txt
2013-07-26 22:58 - 2013-07-26 22:58 - 00001324 _____ C:\AdwCleaner[R2].txt
2013-07-26 22:51 - 2013-07-26 22:52 - 00001266 _____ C:\AdwCleaner[S2].txt
2013-07-26 22:43 - 2013-07-26 22:44 - 00012962 _____ C:\AdwCleaner[S1].txt
2013-07-26 22:42 - 2013-07-26 22:42 - 00666633 _____ C:\Users\Alina\Downloads\adwcleaner06.exe
2013-07-26 22:42 - 2013-07-26 22:42 - 00013462 _____ C:\AdwCleaner[R1].txt
2013-07-26 22:31 - 2013-07-26 22:31 - 00004450 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\Users\Alina\AppData\Roaming\LavasoftStatistics
2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-07-26 22:26 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-26 22:26 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-26 22:26 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-26 22:26 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-26 22:26 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-26 22:26 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-26 22:26 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-26 22:26 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-26 22:26 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-26 22:26 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-26 22:26 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-26 22:26 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-26 22:26 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-26 22:25 - 2013-07-27 15:46 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Lavasoft
2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-07-26 22:25 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-26 22:25 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-26 22:25 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-26 22:25 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-26 22:25 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-26 22:25 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-26 22:25 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-26 22:25 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-26 22:25 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-26 22:25 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-26 22:25 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-26 22:25 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-26 22:25 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-26 22:25 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-26 22:25 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-26 22:25 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-26 22:25 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-26 22:25 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-26 22:25 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-26 22:25 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-26 22:25 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-26 22:25 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-26 22:24 - 2013-07-26 22:24 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-07-26 22:22 - 2013-07-26 23:36 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Ad-Aware Antivirus
2013-07-26 22:22 - 2013-07-26 22:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Alina\AppData\Local\PDF24
2013-07-26 12:35 - 2013-07-26 12:35 - 00003790 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-26 12:32 - 2013-07-26 12:42 - 00000000 ____D C:\Program Files\PDFCreator
2013-07-26 12:32 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files (x86)\GPLGS
2013-07-26 12:30 - 2013-07-26 20:09 - 00000000 ____D C:\Users\Alina\Desktop\Benteler
2013-07-25 19:21 - 2013-07-26 16:53 - 00000000 ____D C:\Users\Alina\AppData\Roaming\IrfanView
2013-07-24 08:50 - 2013-07-24 08:51 - 00446984 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-22 10:25 - 2013-07-22 10:25 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-10 14:38 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:38 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 14:37 - 2013-06-01 11:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:37 - 2013-06-01 11:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:37 - 2013-05-31 01:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 14:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 14:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 14:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 14:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 14:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 14:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 14:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 14:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 14:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 14:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 14:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 14:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 14:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 14:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 14:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 14:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 14:36 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:36 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-04 20:20 - 2013-07-04 20:20 - 00000326 _____ C:\Users\Alina\Desktop\HP Druckerdiagnosetools.url
2013-07-03 14:44 - 2013-07-26 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-29 09:59 - 2013-06-29 09:59 - 00000303 _____ C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2013-06-27 18:26 - 2013-05-16 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

==================== One Month Modified Files and Folders =======

2013-07-27 20:01 - 2013-07-27 19:59 - 00000000 ____D C:\Users\Alina\AppData\Local\adawarebp
2013-07-27 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-07-27 19:59 - 2012-12-19 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 19:57 - 2013-07-27 19:53 - 00000000 ____D C:\zoek
2013-07-27 19:57 - 2013-07-27 19:47 - 00011840 _____ C:\zoek-results.log
2013-07-27 19:56 - 2013-07-27 15:50 - 00001162 _____ C:\Windows\PFRO.log
2013-07-27 19:56 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 19:55 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-07-27 19:49 - 2013-07-26 23:56 - 00326142 _____ C:\Windows\WindowsUpdate.log
2013-07-27 19:45 - 2013-07-27 19:55 - 00024064 _____ C:\Windows\zoek-delete.exe
2013-07-27 19:41 - 2013-07-27 19:41 - 01275420 _____ C:\Users\Alina\Downloads\zoek.exe
2013-07-27 19:41 - 2013-07-27 19:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839774926-952813331-1360698075-1002
2013-07-27 15:56 - 2012-08-24 22:07 - 00830120 _____ C:\Windows\system32\perfh007.dat
2013-07-27 15:56 - 2012-08-24 22:07 - 00188224 _____ C:\Windows\system32\perfc007.dat
2013-07-27 15:56 - 2012-07-26 09:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 15:46 - 2013-07-26 22:25 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-27 10:42 - 2013-07-27 10:42 - 00030062 _____ C:\Users\Alina\Desktop\Addition.txt
2013-07-27 10:41 - 2013-07-27 10:41 - 00000000 ____D C:\FRST
2013-07-27 10:40 - 2013-07-27 10:40 - 01780407 _____ (Farbar) C:\Users\Alina\Desktop\FRST64.exe
2013-07-27 10:37 - 2013-07-27 10:37 - 00001895 _____ C:\Users\Alina\Desktop\aswMBR.txt
2013-07-27 10:37 - 2013-07-27 10:37 - 00000512 _____ C:\Users\Alina\Desktop\MBR.dat
2013-07-27 10:29 - 2013-07-27 10:26 - 04745728 _____ (AVAST Software) C:\Users\Alina\Downloads\aswMBR.exe
2013-07-27 10:18 - 2013-07-27 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Alina\Desktop\tdsskiller.exe
2013-07-27 09:50 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-07-27 08:58 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-26 23:51 - 2013-07-26 23:51 - 00001683 _____ C:\AdwCleaner[R6].txt
2013-07-26 23:45 - 2013-02-11 13:59 - 00000000 ____D C:\Windows\Minidump
2013-07-26 23:45
- 2012-08-04 01:21 - 00000000 ____D C:\Windows\Panther 2013-07-26 23:42 - 2013-07-26 23:42 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2013-07-26 23:42 - 2013-07-26 23:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-07-26 23:42 - 2013-07-26 23:42 - 00000000 ____D C:\Program Files\CCleaner 2013-07-26 23:41 - 2013-07-26 23:41 - 04429440 _____ (Piriform Ltd) C:\Users\Alina\Downloads\ccsetup404.exe 2013-07-26 23:40 - 2013-07-26 23:39 - 00001623 _____ C:\AdwCleaner[R5].txt 2013-07-26 23:36 - 2013-07-26 22:22 - 00000000 ____D C:\Users\Alina\AppData\Roaming\Ad-Aware Antivirus 2013-07-26 23:11 - 2013-07-26 23:11 - 00001563 _____ C:\AdwCleaner[R4].txt 2013-07-26 23:06 - 2013-07-26 23:06 - 00001505 _____ C:\AdwCleaner[S4].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00001443 _____ C:\AdwCleaner[R3].txt 2013-07-26 23:05 - 2013-07-26 23:05 - 00000306 _____ C:\AdwCleaner[S3].txt 2013-07-26 22:58 - 2013-07-26 22:58 - 00001324 _____ C:\AdwCleaner[R2].txt 2013-07-26 22:52 - 2013-07-26 22:51 - 00001266 _____ C:\AdwCleaner[S2].txt 2013-07-26 22:44 - 2013-07-26 22:43 - 00012962 _____ C:\AdwCleaner[S1].txt 2013-07-26 22:42 - 2013-07-26 22:42 - 00666633 _____ C:\Users\Alina\Downloads\adwcleaner06.exe 2013-07-26 22:42 - 2013-07-26 22:42 - 00013462 _____ C:\AdwCleaner[R1].txt 2013-07-26 22:31 - 2013-07-26 22:31 - 00004450 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\Users\Alina\AppData\Roaming\LavasoftStatistics 2013-07-26 22:31 - 2013-07-26 22:31 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Lavasoft 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Downloaded Installations 2013-07-26 22:25 - 2013-07-26 22:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection 2013-07-26 22:25 - 2013-07-03 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-26 22:24 - 2013-07-26 22:24 - 
00000000 ____D C:\Program Files (x86)\Toolbar Cleaner 2013-07-26 22:22 - 2013-07-26 22:22 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys 2013-07-26 20:09 - 2013-07-26 12:30 - 00000000 ____D C:\Users\Alina\Desktop\Benteler 2013-07-26 17:33 - 2012-11-29 18:08 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-26 17:23 - 2012-11-29 18:13 - 00000000 ____D C:\Program Files\Google 2013-07-26 17:00 - 2012-12-21 14:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-26 16:59 - 2012-10-05 15:30 - 00000000 ____D C:\ProgramData\Qualcomm Atheros 2013-07-26 16:59 - 2012-10-05 15:30 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2013-07-26 16:53 - 2013-07-25 19:21 - 00000000 ____D C:\Users\Alina\AppData\Roaming\IrfanView 2013-07-26 16:53 - 2013-02-11 21:25 - 00000000 ____D C:\Users\Alina\AppData\Local\DoNotTrackPlus 2013-07-26 16:53 - 2012-11-29 18:08 - 00000000 ____D C:\Users\Alina\AppData\Local\Google 2013-07-26 16:50 - 2012-11-29 17:46 - 00000000 ____D C:\Users\Alina 2013-07-26 15:51 - 2012-12-28 18:48 - 00757760 ___SH C:\Users\Alina\Desktop\Thumbs.db 2013-07-26 15:06 - 2013-02-11 21:01 - 00000000 ____D C:\Users\Alina\Desktop\Arbeit 2013-07-26 13:43 - 2012-12-21 14:12 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-07-26 13:12 - 2013-07-26 13:12 - 00000000 ____D C:\Users\Alina\AppData\Local\PDF24 2013-07-26 12:42 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files\PDFCreator 2013-07-26 12:35 - 2013-07-26 12:35 - 00003790 _____ C:\Windows\System32\Tasks\QtraxPlayer 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-26 12:33 - 2013-07-26 12:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-26 12:32 - 2013-07-26 12:32 - 00000000 ____D C:\Program Files (x86)\GPLGS 2013-07-24 08:51 - 2013-07-24 08:50 - 00446984 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-24 08:51 - 2013-03-09 17:09 - 00000342 _____ 
C:\Windows\Tasks\HPCeeScheduleForAlina.job 2013-07-22 10:25 - 2013-07-22 10:25 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-12 17:38 - 2013-03-09 17:09 - 00003156 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlina 2013-07-11 20:17 - 2012-11-30 21:57 - 00000000 ____D C:\Users\Alina\AppData\Roaming\HpUpdate 2013-07-10 16:17 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 16:08 - 2012-12-28 17:21 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 16:05 - 2012-12-08 17:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-07 11:55 - 2012-11-29 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-04 20:20 - 2013-07-04 20:20 - 00000326 _____ C:\Users\Alina\Desktop\HP Druckerdiagnosetools.url 2013-06-29 18:28 - 2013-02-11 21:01 - 00000000 ____D C:\Users\Alina\Desktop\Schule 2013-06-29 09:59 - 2013-06-29 09:59 - 00000303 _____ C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk 2013-06-28 18:40 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing 2013-06-28 00:04 - 2013-02-02 11:12 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-28 00:04 - 2013-02-02 11:12 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-27 10:53 - 2013-05-07 20:38 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-21 11:28 ==================== End Of Log ============================ |
27.07.2013, 20:49 | #11 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2
Good! As far as I can see, we have now removed everything harmful. To be sure, we still need to run a few checks, and then we will bring your computer up to a secure state. Since these scans can take a very long time, please do not write back to me until you have really completed everything, or if problems occur.
Step 1: (Reminder: do not reply until you have worked through all the steps!) Quick scan with Malwarebytes. Please download Malwarebytes Anti-Malware
Step 2: Note: The scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck. Please download SecurityCheck and:
__________________
Digital privateers against malware! No help via PM! |
28.07.2013, 00:25 | #12 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2
That sounds good already. Sooo,
1 (nothing was found):
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.27.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Alina :: HUGO [Administrator]

Schutz: Aktiviert

27.07.2013 22:06:07
mbam-log-2013-07-27 (22-06-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214783
Laufzeit: 4 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2. Here I deactivated my Avira and proceeded as instructed.. the program nevertheless drew my attention to Avira and to another one from Avast(?) I didn't do anything there, since I had to download something from it as instructed... I didn't find anything to deactivate there and then just let the whole thing run through. It then produced no findings... after uninstalling + deleting the folder, the log file was gone too, but I think that's not a problem now, or is it?
3.
Code:
 Results of screen317's Security Check version 0.99.70
 x64 (UAC is enabled)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 Windows Defender
 Avira Desktop
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 Adobe Flash Player 11.7.700.224
 Adobe Reader XI
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
28.07.2013, 09:38 | #13 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2
Great! That means we are done. We will now tidy up a bit, and then at the end I have some reading material for you.
Step 1: Uninstall tools. The order is crucial here.
Step 2: In case you now want to ask me what about the threats still found by ESET ... please read my note about delfix a few lines further up again now.
Step 3: Uninstall ESET (optional)
Finally, some tips on the following topics:
Reading material: System updates. It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage regularly for inspection. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software. If someone overtook you on the motorway naked on a motorcycle, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market here that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
Reading material: Safe surfing. First it must be said that it is usually always the human factor that enables malware to get onto a computer. Do you also immediately buy any old stuff from people who ring your doorbell, without thinking? So first get used to a few rules of conduct when surfing the Internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that further hardens your browser.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, you tend to be on the safe side with an exotic browser. Basically, you are considerably safer to begin with if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Digital privateers against malware! No help via PM! |
28.07.2013, 10:55 | #14 |
| ADWARE/InstallCore.Gen and TR/Downloader.Gen2
Super. I have uninstalled the tools and now still have a few questions. I would like to uninstall Avira and install Avast. Then I just go via the link and uninstall Avira with it.. but the things that are in quarantine in Avira can't endanger me then, can they? In the meantime I am without a protection program.. So uninstalling with it and then installing Avast is safe? I already uninstalled ESET after using it once; can I simply reinstall it and leave it on permanently to run regular scans alongside Avast? So it doesn't interfere? And I also leave Malwarebytes on for regular scans? And lastly: I installed Secunia PSI and had it run a check: can I also just leave that on and have it check every now and then? Thaaaanks a lot already for the patience and the time spent, I just want to have the whole thing as proper as possible now |
28.07.2013, 11:25 | #15 |
/// TB-Ausbilder | ADWARE/InstallCore.Gen and TR/Downloader.Gen2
Yes, you can leave everything. If you really want to get rid of Avira, then I would download the Avast installation file before uninstalling it and then do it all in one go as quickly as possible.
__________________
Digital privateers against malware! No help via PM! |