|
Pests of all kinds and how to combat them: Ads everywhere
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
09.08.2013, 17:15 | #1 |
| Ads everywhere I have ads on every page, even on Google and everything, or individual words get turned into links with ads. How do I get rid of this? |
09.08.2013, 18:03 | #2 |
/// Malware-holic | Ads everywhere
Hi, you have been here before, so you should still know our getting-started guide...
Let's begin as follows: a guide to FRST follows in a moment; I need the following additional information for the Additions.txt.
Recommendations for uninstalling: Please copy the list of installed programs from the additions.txt into your thread here. After each line, please note which of the following categories applies: Unknown, Needed, Unnecessary.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.08.2013, 18:34 | #3 |
| Ads everywhere
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Needed
Adobe AIR (x32 Version: 1.5.0.7220) Unknown
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Needed
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Needed
Adobe Photoshop Elements 8.0 (x32 Version: 8.0) Hm, needed/unnecessary, no idea xD
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4) Needed
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95) Unknown
Audacity 2.0 (x32) Unknown
Audiograbber 1.83 SE (x32 Version: 1.83 SE ) Unnecessary
Avira Free Antivirus (x32 Version: 12.1.9.2500) Needed
AVM FRITZ!WLAN (x32) Needed
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) Unknown
Build-a-lot 2 (x32 Version: 2.2.0.95) Unknown
Bundled software uninstaller (x32) Unknown
Cheat Engine 6.1 (x32) Unnecessary
Chuzzle Deluxe (x32 Version: 2.2.0.95) Unknown
CyberLink MediaShow (x32 Version: 5.0.1308) Unknown
D3DX10 (x32 Version: 15.4.2368.0902) Unknown
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95) Unknown
Emergency 2013 (x32) Needed
eReg (x32 Version: 1.20.138.34) Unknown
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Unnecessary
Farm Frenzy (x32 Version: 2.2.0.95) Unknown
FATE (x32 Version: 2.2.0.95) Unknown
Final Drive Nitro (x32 Version: 2.2.0.95) Unknown
Fraps (remove only) (x32) Needed
Google Update Helper (x32 Version: 1.3.21.153) Unknown
GUILD WARS (x32) Needed
Hotkey Utility (x32 Version: 2.05.3009) Unknown
Identity Card (x32 Version: 1.00.3003) Unknown
ImagXpress (x32 Version: 7.0.74.0) Unknown
Insaniquarium Deluxe (x32 Version: 2.2.0.95) Unknown
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118) Unknown
Intel(R) Network Connections 16.4.69.0 (Version: 16.4.69.0) Unknown
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008) Unknown
Java 7 Update 21 (64-bit) (Version: 7.0.210) Needed
Java 7 Update 25 (x32 Version: 7.0.250) Needed
Java Auto Updater (x32 Version: 2.1.9.5) Unknown
JavaFX 2.1.1 (x32 Version: 2.1.1) Unknown
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95) Unknown
John Deere Drive Green (x32 Version: 2.2.0.95) Unknown
League of Legends (x32 Version: 3.0.1) Needed
Logitech Flow Scroll 4.0 (Version: 4.00.33) Unknown
Logitech G35 (Version: 1.1.178) Needed
Logitech GamePanel Software 3.06.109 (Version: 3.06.109) Needed
Logitech SetPoint 6.32 (Version: 6.32.20) Needed
Logitech Unifying-Software 2.10 (Version: 2.10.37) Needed
Lyrics-Pal (x32) Unknown
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Needed
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Unknown
Microsoft Application Error Reporting (Version: 12.0.6015.5000) Unknown
Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Unknown
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Unknown
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Unknown
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Unknown
Microsoft Silverlight (Version: 5.1.20513.0) Needed
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Unknown
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Unknown
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Unknown
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Unknown
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Unknown
mIRC (x32 Version: 7.19) Needed
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Needed
Mozilla Maintenance Service (x32 Version: 22.0) Unknown
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) Needed
MSVCRT (x32 Version: 15.4.2862.0708) Unknown
MSVCRT Redists (x32 Version: 1.0) Unknown
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) Unknown
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Unknown
neroxml (x32 Version: 1.0.0) Unknown
Nexon Game Manager (x32) Unknown
Nostale(DE) (x32) Needed
NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97) Needed
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) Needed
NVIDIA Display Control Panel (Version: 6.14.12.5933) Needed
NVIDIA Grafiktreiber 311.06 (Version: 311.06) Needed
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) Needed
NVIDIA Install Application (Version: 2.1002.108.688) Needed
NVIDIA PhysX (x32 Version: 9.12.0604) Needed
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604) Needed
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) Needed
NVIDIA Systemsteuerung 311.06 (Version: 311.06) Needed
NVIDIA Update 1.11.3 (Version: 1.11.3) Needed
NVIDIA Update Components (Version: 1.11.3) Needed
OpenOffice.org 3.4 (x32 Version: 3.4.9590) Needed
Packard Bell Game Console (x32) Unknown
Packard Bell InfoCentre (x32 Version: 3.02.3000) Unknown
Packard Bell Recovery Management (x32 Version: 4.05.3013) Unknown
Packard Bell Registration (x32 Version: 1.03.3003) Unknown
Packard Bell Software Suite SE (x32 Version: 2.01.3003) Unknown
Packard Bell Updater (x32 Version: 1.02.3001) Unknown
Pando Media Booster (x32 Version: 2.6.0.7) Unknown
Penguins! (x32 Version: 2.2.0.95) Unknown
Personal Backup 5.4 (Version: 5.3) Unknown
Photo Frame (x32 Version: 5.0.0.8) Unknown
Plants vs. Zombies (x32 Version: 2.2.0.95) Unknown
Polar Bowler (x32 Version: 2.2.0.95) Unknown
Polar Golfer (x32 Version: 2.2.0.95) Unknown
PricePeep (x32 Version: 2.2.0.2) Unknown
QuickTime (x32 Version: 7.73.80.64) Unknown
raggler (Version: 2.10) Unknown
Realtek Ethernet Controller Driver (x32 Version: 7.36.1224.2010) Needed
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6215) Needed
Recuva (Version: 1.45) Needed
Sandboxie 3.76 (64-bit) (Version: 3.76) Needed
Skype™ 6.5 (x32 Version: 6.5.158) Needed
SmartSound Quicktracks 5 (x32 Version: 5.1.8) Unknown
TeamSpeak 3 Client (Version: 3.0.10.1) Needed
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Unknown
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Unknown
Vegas Pro 10.0 (x32 Version: 10.0.469) Needed
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95) Unknown
VLC media player 1.1.11 (x32 Version: 1.1.11) Needed
Welcome Center (x32 Version: 1.02.3005) Unknown
Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Unknown
Windows Live Essentials (x32 Version: 15.4.3502.0922) Unknown
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Unknown
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Unknown
Windows Live Installer (x32 Version: 15.4.3502.0922) Unknown
Windows Live Language Selector (Version: 15.4.3502.0922) Unknown
Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Unknown
Windows Live Photo Common (x32 Version: 15.4.3502.0922) Unknown
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Unknown
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922) Unknown
Windows Live SOXE (x32 Version: 15.4.3502.0922) Unknown
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Unknown
Windows Live UX Platform (x32 Version: 15.4.3502.0922) Unknown
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922) Unknown
Yahoo! Detect (x32) Unknown
Zuma Deluxe (x32 Version: 2.2.0.95) Unknown
Zuma's Revenge (x32 Version: 2.2.0.95) Unknown

Addition
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02 Ran by Rene at 2013-08-09 19:18:39 Running from C:\Users\Rene\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe AIR (x32 Version: 1.5.0.7220) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop Elements 8.0 (x32 Version: 8.0) Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95) Audacity 2.0 (x32) Audiograbber 1.83 SE (x32 Version: 1.83 SE ) Avira Free Antivirus (x32 Version: 12.1.9.2500) AVM FRITZ!WLAN (x32) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) Build-a-lot 2 (x32 Version: 2.2.0.95) Bundled software uninstaller (x32) Cheat Engine 6.1 (x32) Chuzzle Deluxe (x32 Version: 2.2.0.95) CyberLink MediaShow (x32 Version: 5.0.1308) D3DX10 (x32 Version: 15.4.2368.0902) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95) Emergency 2013 (x32) eReg (x32 Version: 1.20.138.34) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Farm Frenzy (x32 Version: 2.2.0.95) FATE (x32 Version: 2.2.0.95) Final Drive Nitro (x32 Version: 2.2.0.95) Fraps (remove only) (x32) Google Update Helper (x32 Version: 1.3.21.153) GUILD WARS (x32) Hotkey Utility (x32 Version: 2.05.3009) Identity Card (x32 Version: 1.00.3003) ImagXpress (x32 Version: 7.0.74.0) Insaniquarium Deluxe (x32 Version: 2.2.0.95) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118) Intel(R) Network Connections 16.4.69.0 (Version: 16.4.69.0) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JavaFX 2.1.1 (x32 Version: 2.1.1) Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95) John Deere Drive Green (x32 
Version: 2.2.0.95) League of Legends (x32 Version: 3.0.1) Logitech Flow Scroll 4.0 (Version: 4.00.33) Logitech G35 (Version: 1.1.178) Logitech GamePanel Software 3.06.109 (Version: 3.06.109) Logitech SetPoint 6.32 (Version: 6.32.20) Logitech Unifying-Software 2.10 (Version: 2.10.37) Lyrics-Pal (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 
9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) mIRC (x32 Version: 7.19) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT Redists (x32 Version: 1.0) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) neroxml (x32 Version: 1.0.0) Nexon Game Manager (x32) Nostale(DE) (x32) NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Display Control Panel (Version: 6.14.12.5933) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.12.0604) NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.4 (x32 Version: 3.4.9590) Packard Bell Game Console (x32) Packard Bell InfoCentre (x32 Version: 3.02.3000) Packard Bell Recovery Management (x32 Version: 4.05.3013) Packard Bell Registration (x32 Version: 1.03.3003) Packard Bell Software Suite SE (x32 Version: 2.01.3003) Packard Bell Updater (x32 Version: 1.02.3001) Pando Media Booster (x32 Version: 2.6.0.7) Penguins! (x32 Version: 2.2.0.95) Personal Backup 5.4 (Version: 5.3) Photo Frame (x32 Version: 5.0.0.8) Plants vs. 
Zombies (x32 Version: 2.2.0.95) Polar Bowler (x32 Version: 2.2.0.95) Polar Golfer (x32 Version: 2.2.0.95) PricePeep (x32 Version: 2.2.0.2) QuickTime (x32 Version: 7.73.80.64) raggler (Version: 2.10) Realtek Ethernet Controller Driver (x32 Version: 7.36.1224.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6215) Recuva (Version: 1.45) Sandboxie 3.76 (64-bit) (Version: 3.76) Skype™ 6.5 (x32 Version: 6.5.158) SmartSound Quicktracks 5 (x32 Version: 5.1.8) TeamSpeak 3 Client (Version: 3.0.10.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Vegas Pro 10.0 (x32 Version: 10.0.469) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95) VLC media player 1.1.11 (x32 Version: 1.1.11) Welcome Center (x32 Version: 1.02.3005) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3502.0922) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922) Yahoo! 
Detect (x32) Zuma Deluxe (x32 Version: 2.2.0.95) Zuma's Revenge (x32 Version: 2.2.0.95) ==================== Restore Points ========================= 22-07-2013 21:36:25 Windows Update 26-07-2013 11:54:56 Windows Update 30-07-2013 09:09:16 Windows Update 02-08-2013 18:40:31 Windows Update 07-08-2013 05:19:27 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-02 15:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {29167BCC-DD9B-44E7-8CE4-4DA604B652B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02] (Adobe Systems Incorporated) Task: {6178E5FA-F4D1-4DFE-B781-9B7323E2D731} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.) Task: {625C2353-41EA-41E2-8F30-E947B645DE0C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {65738F87-BCEB-4C77-9401-EA952C7634E6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {80E680BF-FB09-4B9D-9F69-62424CB0EA21} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {CED70DB7-B670-4621-BA7C-28987B6560F2} - System32\Tasks\Lyrics-Pal Update => C:\Program Files (x86)\LyricsPal\Lyrics.exe [2013-08-06] () Task: {E1779CF2-CBF8-43B7-99F1-EDEC2041569E} - System32\Tasks\User_Feed_Synchronization-{EBCA0B2F-EB0C-42F6-B99B-7B40F6563B87} => C:\Windows\system32\msfeedssync.exe [2013-03-30] (Microsoft Corporation) Task: {EDB056E6-CC01-4393-94CC-C34F1A752BAD} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File Task: {F097FDE0-9F48-4F5C-89E9-8B4DAE79FC2F} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe No File Task: {FFC5FF38-E4D7-4965-B323-D8950085C9DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Lyrics-Pal Update.job => C:\Program Files (x86)\LyricsPal\Lyrics.exe ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: SAMSUNG Mobile USB Composite Device Description: SAMSUNG Mobile USB Composite Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: SAMSUNG Electronics Co., Ltd. Service: dg_ssudbus Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (08/09/2013 07:41:14 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (08/08/2013 09:44:33 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: NPSWF32_11_7_700_224.dll, Version: 11.7.700.224, Zeitstempel: 0x51a6761e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007a859c ID des fehlerhaften Prozesses: 0xfec Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2 Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3 Error: (08/08/2013 08:35:48 PM) (Source: Application Hang) (User: ) Description: Programm BetterInstaller.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d48 Startzeit: 01ce9465f8027f6b Endzeit: 16 Anwendungspfad: C:\Users\Rene\AppData\Local\Temp\BetterInstaller.exe Berichts-ID: Error: (08/06/2013 07:20:55 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (08/02/2013 10:21:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: NPSWF32_11_7_700_224.dll, Version: 11.7.700.224, Zeitstempel: 0x51a6761e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007a854c ID des fehlerhaften Prozesses: 0x1d28 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2 Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3 Error: (07/31/2013 11:08:25 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/31/2013 03:07:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: NPSWF32_11_7_700_224.dll, Version: 11.7.700.224, Zeitstempel: 0x51a6761e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007a850a ID des fehlerhaften Prozesses: 0x17c0 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2 Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3 Error: (07/27/2013 11:50:13 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/27/2013 00:18:00 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften Prozesses: 0x1f18 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (07/26/2013 03:05:20 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe, Version: 11.7.700.224, Zeitstempel: 0x51a67447 Name des fehlerhaften Moduls: NPSWF32_11_7_700_224.dll, Version: 11.7.700.224, Zeitstempel: 0x51a6761e Ausnahmecode: 0xc0000005 Fehleroffset: 0x007b5b0e ID des fehlerhaften Prozesses: 0x1090 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_7_700_224.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_224.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_7_700_224.exe2 Berichtskennung: FlashPlayerPlugin_11_7_700_224.exe3 System errors: ============= Error: (08/09/2013 04:24:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/09/2013 04:24:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (08/09/2013 04:22:54 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (08/09/2013 01:06:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/09/2013 01:06:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (08/09/2013 01:04:21 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (08/09/2013 07:18:50 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (08/09/2013 07:18:50 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (08/09/2013 07:16:48 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SBRE Error: (08/08/2013 07:49:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (08/09/2013 07:41:14 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (08/08/2013 09:44:33 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447NPSWF32_11_7_700_224.dll11.7.700.22451a6761ec0000005007a859cfec01ce94678cabc29aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllf2806c3b-0062-11e3-ac75-bc05430be1a6 Error: (08/08/2013 08:35:48 PM) (Source: Application Hang)(User: ) Description: BetterInstaller.exe1.0.0.11d4801ce9465f8027f6b16C:\Users\Rene\AppData\Local\Temp\BetterInstaller.exe Error: (08/06/2013 07:20:55 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (08/02/2013 10:21:13 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447NPSWF32_11_7_700_224.dll11.7.700.22451a6761ec0000005007a854c1d2801ce8fb3c38cbc5eC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll13702312-fbb1-11e2-859d-bc05430be1a6 Error: (07/31/2013 11:08:25 PM) (Source: 
SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (07/31/2013 03:07:21 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447NPSWF32_11_7_700_224.dll11.7.700.22451a6761ec0000005007a850a17c001ce8dc11f4b08a1C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll22614797-f9e2-11e2-ab09-bc05430be1a6 Error: (07/27/2013 11:50:13 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (07/27/2013 00:18:00 AM) (Source: Application Error)(User: ) Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc0000005001736681f1801ce8a4d6ee8f221C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll3aab6524-f641-11e2-abb3-bc05430be1a6 Error: (07/26/2013 03:05:20 PM) (Source: Application Error)(User: ) Description: FlashPlayerPlugin_11_7_700_224.exe11.7.700.22451a67447NPSWF32_11_7_700_224.dll11.7.700.22451a6761ec0000005007b5b0e109001ce89f6acbb8577C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll05c65ea6-f5f4-11e2-abb3-bc05430be1a6 CodeIntegrity Errors: =================================== Date: 2013-07-02 15:27:51.660 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-02 15:27:51.583 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 6126.04 MB Available physical RAM: 2453.05 MB Total Pagefile: 12250.25 MB Available Pagefile: 8282.14 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:689.95 GB) (Free:511.75 GB) NTFS (Disk=0 Partition=3) Drive d: (DATA) (Fixed) (Total:690.21 GB) (Free:688.46 GB) NTFS (Disk=0 Partition=4) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 63632FAD) Partition 1: (Not Active) - (Size=17 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=690 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=690 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02 Ran by Rene (administrator) on 09-08-2013 19:17:45 Running from C:\Users\Rene\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (mIRC Co. Ltd.) 
C:\Program Files (x86)\mIRC\mirc.exe (Entwell) C:\Program Files (x86)\NosTale(DE)\nostalex.dat (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKCU\...\Run: [Software Suite SE] - C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe [2275360 2009-09-29] (Acer Incorporated) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x] HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x] HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [x] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=10E3BC05430BE1A6&affID=123976&tt=070813_wt3&tsp=4968 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Lyrics-Pal - {b54e96c1-85c3-410a-8db1-c276bc3535c4} - C:\Program Files (x86)\LyricsPal\126.dll (Lyrics-Pal) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default FF user.js: detected! 
=> C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\user.js FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com/firefox FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF NetworkProxy: "no_proxies_on", "fritz.box,127.0.0.1:9421,localhost,127.0.0.1" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Rene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\searchplugins\babylon.xml FF Extension: PricePeep - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\Extensions\pricepeep@getpricepeep.com FF Extension: pricepeep - C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\Extensions\pricepeep@getpricepeep.com.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt FF HKCU\...\Firefox\Extensions: [{9309FA47-1B48-4768-AFA4-9E0556F5DC81}] C:\Program Files (x86)\LyricsPal\126.xpi FF Extension: No Name - C:\Program Files (x86)\LyricsPal\126.xpi ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. 
KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-02] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D) R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-27] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-27] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH) R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] 
(ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC) S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.) S3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 PDNSp50a64; System32\Drivers\PDNSp50a64.sys [x] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-09 19:16 - 2013-08-09 19:16 - 01790169 _____ (Farbar) C:\Users\Rene\Downloads\FRST64.exe 2013-08-08 20:38 - 2013-08-08 20:38 - 00000000 ____D C:\Users\Rene\Documents\My Cheat Tables 2013-08-08 20:36 - 2013-08-08 20:36 - 00001097 _____ C:\Users\Rene\Desktop\Cheat Engine.lnk 2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\PricePeep 2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1 2013-08-08 20:35 - 2013-08-09 16:23 - 00000372 _____ C:\Windows\Tasks\Lyrics-Pal Update.job 2013-08-08 20:35 - 2013-08-08 20:35 - 00003018 _____ C:\Windows\System32\Tasks\Lyrics-Pal Update 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Babylon 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\ProgramData\Babylon 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Program Files (x86)\LyricsPal 2013-08-08 20:34 - 2013-08-08 20:34 - 00606624 _____ (www.download-sponsor.de) C:\Users\Rene\Downloads\Cheat Engine - CHIP-Downloader.exe 2013-08-04 00:04 - 
2013-08-04 00:04 - 00000011 _____ C:\Users\Rene\Desktop\Neues Textdokument (4).TXT 2013-07-28 17:54 - 2013-07-28 17:54 - 00007387 _____ C:\Users\Rene\Desktop\Standards im Ticket.TXT 2013-07-25 21:23 - 2013-07-25 21:23 - 00000237 _____ C:\Users\Rene\Desktop\Neues Textdokument (3).TXT 2013-07-21 13:34 - 2013-07-21 13:34 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-21 13:34 - 2013-07-21 13:34 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-21 13:34 - 2013-07-21 13:34 - 00000000 ____D C:\Riot Games 2013-07-21 13:31 - 2013-08-07 16:58 - 00000000 ____D C:\Users\Rene\AppData\Local\PMB Files 2013-07-21 13:31 - 2013-08-07 16:57 - 00000000 ____D C:\ProgramData\PMB Files 2013-07-21 13:31 - 2013-07-21 13:31 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Riot Games 2013-07-21 12:51 - 2013-07-21 12:52 - 34888568 _____ (Riot Games) C:\Users\Rene\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe 2013-07-20 20:47 - 2013-07-20 20:47 - 00001779 _____ C:\Users\Rene\Documents\OnlineGamesNet Account.eml 2013-07-13 18:21 - 2013-07-13 18:26 - 00000000 ____D C:\Users\Rene\Desktop\Lehrgang TH 2013-07-12 11:59 - 2013-07-22 22:04 - 00001287 _____ C:\Users\Rene\Desktop\Neues Textdokument (2).TXT 2013-07-12 01:10 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 01:10 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 
2013-07-12 01:10 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 01:10 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 01:10 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 01:10 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-12 01:10 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-12 01:10 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-12 01:10 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 01:10 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 01:10 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 01:10 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 01:10 - 2013-06-12 01:25 
- 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 01:10 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 01:10 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 01:10 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 01:10 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 01:10 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-11 13:12 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 13:12 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 13:12 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 13:12 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 13:12 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 13:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 13:12 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2013-08-09 19:17 - 2013-08-09 19:17 - 00000000 ____D C:\FRST 2013-08-09 19:16 - 2013-08-09 19:16 - 01790169 _____ (Farbar) C:\Users\Rene\Downloads\FRST64.exe 2013-08-09 19:06 - 2013-02-12 15:43 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-09 19:06 - 2011-08-01 21:36 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Skype 2013-08-09 18:31 - 2013-06-21 15:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-09 18:19 - 2011-08-01 23:17 - 00000000 ____D C:\Users\Rene\AppData\Roaming\mIRC 
2013-08-09 17:56 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-09 17:56 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-09 17:55 - 2011-08-01 23:53 - 00000000 ____D C:\Program Files (x86)\NosTale(DE) 2013-08-09 17:52 - 2013-07-02 18:54 - 00005010 _____ C:\Windows\setupact.log 2013-08-09 17:52 - 2011-03-30 10:13 - 01589068 _____ C:\Windows\WindowsUpdate.log 2013-08-09 17:06 - 2013-02-12 15:43 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-09 16:23 - 2013-08-08 20:35 - 00000372 _____ C:\Windows\Tasks\Lyrics-Pal Update.job 2013-08-09 16:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-08-09 16:22 - 2012-11-07 08:15 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-09 16:22 - 2011-08-01 21:18 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-08-09 16:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-09 07:16 - 2013-07-02 19:05 - 00003450 _____ C:\Windows\PFRO.log 2013-08-08 21:44 - 2011-08-06 21:44 - 00000000 ____D C:\Users\Rene\AppData\Local\CrashDumps 2013-08-08 20:38 - 2013-08-08 20:38 - 00000000 ____D C:\Users\Rene\Documents\My Cheat Tables 2013-08-08 20:36 - 2013-08-08 20:36 - 00001097 _____ C:\Users\Rene\Desktop\Cheat Engine.lnk 2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\PricePeep 2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1 2013-08-08 20:35 - 2013-08-08 20:35 - 00003018 _____ C:\Windows\System32\Tasks\Lyrics-Pal Update 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Babylon 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\ProgramData\Babylon 2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Program Files (x86)\LyricsPal 2013-08-08 20:35 - 2013-07-03 00:12 - 00000000 ____D C:\Program 
Files (x86)\Mozilla Firefox 2013-08-08 20:34 - 2013-08-08 20:34 - 00606624 _____ (www.download-sponsor.de) C:\Users\Rene\Downloads\Cheat Engine - CHIP-Downloader.exe 2013-08-08 18:40 - 2011-08-04 23:02 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EBCA0B2F-EB0C-42F6-B99B-7B40F6563B87} 2013-08-07 16:58 - 2013-07-21 13:31 - 00000000 ____D C:\Users\Rene\AppData\Local\PMB Files 2013-08-07 16:57 - 2013-07-21 13:31 - 00000000 ____D C:\ProgramData\PMB Files 2013-08-04 00:04 - 2013-08-04 00:04 - 00000011 _____ C:\Users\Rene\Desktop\Neues Textdokument (4).TXT 2013-07-31 22:04 - 2011-09-11 21:31 - 00000000 ____D C:\Users\Rene\AppData\Roaming\TS3Client 2013-07-28 17:54 - 2013-07-28 17:54 - 00007387 _____ C:\Users\Rene\Desktop\Standards im Ticket.TXT 2013-07-25 21:23 - 2013-07-25 21:23 - 00000237 _____ C:\Users\Rene\Desktop\Neues Textdokument (3).TXT 2013-07-22 22:04 - 2013-07-12 11:59 - 00001287 _____ C:\Users\Rene\Desktop\Neues Textdokument (2).TXT 2013-07-21 13:34 - 2013-07-21 13:34 - 00001613 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-21 13:34 - 2013-07-21 13:34 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin 2013-07-21 13:34 - 2013-07-21 13:34 - 00000000 ____D C:\Riot Games 2013-07-21 13:31 - 2013-07-21 13:31 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Riot Games 2013-07-21 12:52 - 2013-07-21 12:51 - 34888568 _____ (Riot Games) C:\Users\Rene\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe 2013-07-20 20:47 - 2013-07-20 20:47 - 00001779 _____ C:\Users\Rene\Documents\OnlineGamesNet Account.eml 2013-07-15 15:17 - 2011-03-29 03:12 - 00654594 _____ C:\Windows\system32\perfh007.dat 2013-07-15 15:17 - 2011-03-29 03:12 - 00130208 _____ C:\Windows\system32\perfc007.dat 2013-07-15 15:17 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-13 18:26 - 2013-07-13 18:21 - 00000000 ____D C:\Users\Rene\Desktop\Lehrgang TH 2013-07-13 17:01 - 2013-02-12 15:43 - 00004106 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-13 17:01 - 2013-02-12 15:43 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 11:39 - 2009-07-14 06:45 - 00309336 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 11:39 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther 2013-07-12 11:38 - 2012-09-06 12:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-12 11:38 - 2012-09-06 12:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-12 11:38 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 11:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 11:38 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 01:11 - 2011-08-02 00:57 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 00:00 ==================== End Of Log ============================ |
09.08.2013, 18:53 | #4 |
/// Malware-holic | Ads everywhere
Hi, important: when you install software in future, get it directly from the vendor, not via sites like Chip.de
- When you install a program, google it together with the keyword adware; that alone can help filter things out.
- Read the license or the terms and conditions and look for third-party software.
- Always choose the custom installation so that you can deselect toolbars etc. where applicable.
The trend of adding toolbars or other nonsense to free software is going to get ever "stronger", and that is where you as users come in if you don't want to constantly have some kind of nonsense on your PC :-(
Two logs need to be created; please post them at the same time.
1. Uninstall:
If there are problems uninstalling a program, use Revo. Revo Uninstaller - Download - Filepony
Adobe Photoshop
Adobe Flash Player: all
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions: remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is happening on the PC.
JavaScript: remove the check mark at "use JavaScript".
Updater: choose "install automatically".
Apply / OK
Uninstall: Agatha Audacity Audiograbber Bejeweled Bundled Cheat Chuzzle CyberLink (if you don't need it) Diner Farm FATE Insaniquarium Java 7 Update 21 Jewel John Lyrics-Pal Penguins Personal Photo Frame Plants vs Polar Bowler Polar Golfer PricePeep raggler Virtual Villagers Yahoo (both) Zuma
Restart.
2. Scan with Combofix
3. Please download TDSSKiller.exe and save the file to the desktop.
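The bundling described in post #4 is visible in the FRST log posted in #3. The Python sketch below is an added example, not part of the thread and not FRST's own code: it parses lines copied from that log's "One Month Created Files and Folders" section and lists items created shortly after a downloaded .exe whose names share no word with that installer. The five-minute window, the name-matching heuristic and all function names are assumptions made for this illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Lines copied from the "One Month Created Files and Folders" section of the
# FRST log in this thread (created - modified - size attributes (company) path).
SAMPLE_CREATED = r"""
2013-08-09 19:16 - 2013-08-09 19:16 - 01790169 _____ (Farbar) C:\Users\Rene\Downloads\FRST64.exe
2013-08-08 20:38 - 2013-08-08 20:38 - 00000000 ____D C:\Users\Rene\Documents\My Cheat Tables
2013-08-08 20:36 - 2013-08-08 20:36 - 00001097 _____ C:\Users\Rene\Desktop\Cheat Engine.lnk
2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-08-08 20:36 - 2013-08-08 20:36 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.1
2013-08-08 20:35 - 2013-08-09 16:23 - 00000372 _____ C:\Windows\Tasks\Lyrics-Pal Update.job
2013-08-08 20:35 - 2013-08-08 20:35 - 00003018 _____ C:\Windows\System32\Tasks\Lyrics-Pal Update
2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Users\Rene\AppData\Roaming\Babylon
2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\ProgramData\Babylon
2013-08-08 20:35 - 2013-08-08 20:35 - 00000000 ____D C:\Program Files (x86)\LyricsPal
2013-08-08 20:34 - 2013-08-08 20:34 - 00606624 _____ (www.download-sponsor.de) C:\Users\Rene\Downloads\Cheat Engine - CHIP-Downloader.exe
2013-07-21 13:34 - 2013-07-21 13:34 - 00000000 ____D C:\Riot Games
2013-07-21 12:51 - 2013-07-21 12:52 - 34888568 _____ (Riot Games) C:\Users\Rene\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
"""

FMT = "%Y-%m-%d %H:%M"
# The company name in parentheses is optional; the path may itself contain
# parentheses ("Program Files (x86)"), so the company must follow the
# five-character attribute field directly.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"(\S{5}) (?:\((.*?)\) )?(.+)$"
)
# Words that say nothing about which product a file belongs to (assumption).
GENERIC = {"downloader", "installer", "setup", "update"}


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_created(text):
    """Parse lines of the 'Created' section; lines in another shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, company, path = m.groups()
        entries.append(Entry(datetime.strptime(created, FMT),
                             datetime.strptime(modified, FMT),
                             int(size), attrs, company, path))
    return entries


def name_tokens(path):
    """Lower-case words of four or more letters in the last path component."""
    words = re.findall(r"[a-z]+", ntpath.basename(path).lower())
    return {w for w in words if len(w) >= 4} - GENERIC


def bundled_candidates(entries, window_minutes=5):
    """Map each downloaded .exe to items created within the window after it
    whose names share no word with the installer's file name."""
    result = {}
    for inst in entries:
        lowered = inst.path.lower()
        if "\\downloads\\" not in lowered or not lowered.endswith(".exe"):
            continue
        wanted = name_tokens(inst.path)
        end = inst.created + timedelta(minutes=window_minutes)
        hits = [e.path for e in entries
                if e is not inst
                and inst.created <= e.created <= end
                and not (name_tokens(e.path) & wanted)]
        if hits:
            result[inst.path] = hits
    return result


if __name__ == "__main__":
    for installer, paths in bundled_candidates(parse_created(SAMPLE_CREATED)).items():
        print(installer)
        for p in paths:
            print("   ", p)
```

The result is a list of candidates to look up, not a verdict: FRST prints minute-resolution timestamps, so anything else installed in the same few minutes will also appear.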
10.08.2013, 13:55 | #5 |
| Ads everywhere I couldn't remove all the programs, i.e. not all of them were shown. Here are the logs: Combofix Code:
ATTFilter ComboFix 13-08-09.02 - Rene 09.08.2013 21:12:14.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6126.4498 [GMT 2:00] ausgeführt von:: c:\users\Rene\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\extensions\pricepeep@getpricepeep.com.xpi . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-09 bis 2013-08-09 )))))))))))))))))))))))))))))) . . 2013-08-09 19:16 . 2013-08-09 19:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-08-09 19:16 . 2013-08-09 19:16 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-08-09 19:16 . 2013-08-09 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-09 18:42 . 2013-08-09 18:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-09 18:42 . 2013-08-09 18:45 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-09 18:25 . 2013-08-09 18:25 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-08-09 18:19 . 2013-08-09 18:19 -------- d-----w- c:\users\Rene\AppData\Roaming\Avira 2013-08-09 18:14 . 2013-08-09 18:14 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-09 18:13 . 2013-08-09 18:09 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-09 18:13 . 2013-08-09 18:09 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-09 18:13 . 2013-08-09 18:09 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-09 18:13 . 2013-08-09 18:13 -------- d-----w- c:\program files (x86)\Avira 2013-08-09 17:17 . 2013-08-09 17:17 -------- d-----w- C:\FRST 2013-08-08 18:35 . 
2013-08-08 18:35 -------- d-----w- c:\users\Rene\AppData\Roaming\Babylon 2013-08-08 18:35 . 2013-08-08 18:35 -------- d-----w- c:\programdata\Babylon 2013-08-08 18:35 . 2013-08-08 18:35 -------- d-----w- c:\program files (x86)\LyricsPal 2013-08-07 05:19 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED3C661-3431-454A-BE54-DCA807FA8097}\mpengine.dll 2013-07-21 11:34 . 2013-07-21 11:34 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2013-07-21 11:34 . 2013-07-21 11:34 -------- d-----w- C:\Riot Games 2013-07-21 11:31 . 2013-08-07 14:58 -------- d-----w- c:\users\Rene\AppData\Local\PMB Files 2013-07-21 11:31 . 2013-08-07 14:57 -------- d-----w- c:\programdata\PMB Files 2013-07-21 11:31 . 2013-07-21 11:31 -------- d-----w- c:\users\Rene\AppData\Roaming\Riot Games 2013-07-11 11:12 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-11 23:11 . 2011-08-01 22:57 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-06-27 12:09 . 2013-06-20 19:15 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-06-12 19:48 . 2012-05-09 05:46 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-12 19:48 . 2011-08-17 21:48 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-12 19:47 . 2013-06-20 19:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-20 15:24 . 2012-06-12 14:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-05-18 18:12 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-12 11:42 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 11:42 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 11:42 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 
2013-06-12 11:42 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 11:42 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 11:42 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 11:42 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 11:42 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 11:42 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 11:42 43008 ----a-w- c:\windows\SysWow64\certenc.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b54e96c1-85c3-410a-8db1-c276bc3535c4}] 2013-08-06 20:58 137728 ----a-w- c:\program files (x86)\LyricsPal\126.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-29 2275360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-09 345144] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] R3 PDNSp50a64;PDNSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PDNSp50a64.sys;c:\windows\SYSNATIVE\Drivers\PDNSp50a64.sys [x] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x] R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x] R3 ssadbus;SAMSUNG Android USB Composite 
Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring 
Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x] S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x] S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x] S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x] S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator 
Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-09 18:45] . 2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 22:21] . 2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 22:21] . 2013-08-09 c:\windows\Tasks\Lyrics-Pal Update.job - c:\program files (x86)\LyricsPal\Lyrics.exe [2013-08-06 20:58] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.bing.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = fritz.box;127.0.0.1:9421;<local> LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-08-08 20:35; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files (x86)\LyricsPal\126.xpi FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 10e3a21a000000000000bc05430be1a6 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15925 FF - user.js: extensions.delta.vrsn - 1.8.22.0 FF - user.js: extensions.delta.vrsni - 1.8.22.0 FF - user.js: extensions.delta.vrsnTs - 1.8.22.020:35 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: 
extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=123976&tt=070813_wt3&tsp=4968 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-09 21:18:26 ComboFix-quarantined-files.txt 2013-08-09 19:18 . Vor Suchlauf: 20 Verzeichnis(se), 550.795.546.624 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 552.040.083.456 Bytes frei . - - End Of File - - D5444B1499B598B7BC827FC3214FC233 D41D8CD98F00B204E9800998ECF8427E Code:
ATTFilter 21:20:54.0472 2532 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:20:54.0715 2532 ============================================================ 21:20:54.0715 2532 Current date / time: 2013/08/09 21:20:54.0715 21:20:54.0715 2532 SystemInfo: 21:20:54.0715 2532 21:20:54.0716 2532 OS Version: 6.1.7601 ServicePack: 1.0 21:20:54.0716 2532 Product type: Workstation 21:20:54.0716 2532 ComputerName: COMPUTER 21:20:54.0716 2532 UserName: Rene 21:20:54.0716 2532 Windows directory: C:\Windows 21:20:54.0716 2532 System windows directory: C:\Windows 21:20:54.0716 2532 Running under WOW64 21:20:54.0716 2532 Processor architecture: Intel x64 21:20:54.0716 2532 Number of processors: 8 21:20:54.0716 2532 Page size: 0x1000 21:20:54.0716 2532 Boot type: Normal boot 21:20:54.0716 2532 ============================================================ 21:20:55.0023 2532 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:20:55.0059 2532 ============================================================ 21:20:55.0059 2532 \Device\Harddisk0\DR0: 21:20:55.0059 2532 MBR partitions: 21:20:55.0059 2532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000 21:20:55.0059 2532 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x563E7000 21:20:55.0059 2532 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x58619800, BlocksNum 0x5646D800 21:20:55.0059 2532 ============================================================ 21:20:55.0076 2532 C: <-> \Device\Harddisk0\DR0\Partition2 21:20:55.0116 2532 D: <-> \Device\Harddisk0\DR0\Partition3 21:20:55.0116 2532 ============================================================ 21:20:55.0116 2532 Initialize success 21:20:55.0116 2532 ============================================================ 21:21:19.0522 1060 
============================================================ 21:21:19.0522 1060 Scan started 21:21:19.0522 1060 Mode: Manual; SigCheck; TDLFS; 21:21:19.0522 1060 ============================================================ 21:21:19.0734 1060 ================ Scan system memory ======================== 21:21:19.0734 1060 System memory - ok 21:21:19.0735 1060 ================ Scan services ============================= 21:21:19.0866 1060 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:21:19.0938 1060 1394ohci - ok 21:21:19.0958 1060 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:21:19.0972 1060 ACPI - ok 21:21:19.0983 1060 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:21:20.0022 1060 AcpiPmi - ok 21:21:20.0102 1060 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:21:20.0115 1060 AdobeARMservice - ok 21:21:20.0202 1060 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:21:20.0216 1060 AdobeFlashPlayerUpdateSvc - ok 21:21:20.0255 1060 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:21:20.0268 1060 adp94xx - ok 21:21:20.0288 1060 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:21:20.0299 1060 adpahci - ok 21:21:20.0312 1060 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:21:20.0321 1060 adpu320 - ok 21:21:20.0336 1060 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:21:20.0358 1060 AeLookupSvc - ok 21:21:20.0397 1060 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:21:20.0434 1060 AFD - ok 21:21:20.0446 1060 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:21:20.0452 1060 agp440 - ok 
21:21:20.0461 1060 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:21:20.0480 1060 ALG - ok 21:21:20.0490 1060 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:21:20.0496 1060 aliide - ok 21:21:20.0501 1060 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:21:20.0507 1060 amdide - ok 21:21:20.0521 1060 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:21:20.0553 1060 AmdK8 - ok 21:21:20.0565 1060 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:21:20.0596 1060 AmdPPM - ok 21:21:20.0617 1060 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:21:20.0629 1060 amdsata - ok 21:21:20.0650 1060 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:21:20.0658 1060 amdsbs - ok 21:21:20.0671 1060 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:21:20.0677 1060 amdxata - ok 21:21:20.0696 1060 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 21:21:20.0716 1060 androidusb - ok 21:21:20.0871 1060 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:21:20.0881 1060 AntiVirSchedulerService - ok 21:21:20.0963 1060 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:21:20.0973 1060 AntiVirService - ok 21:21:21.0035 1060 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 21:21:21.0054 1060 AntiVirWebService - ok 21:21:21.0077 1060 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:21:21.0144 1060 AppID - ok 21:21:21.0167 1060 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:21:21.0225 1060 AppIDSvc - ok 21:21:21.0250 1060 [ 
9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 21:21:21.0284 1060 Appinfo - ok 21:21:21.0291 1060 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 21:21:21.0305 1060 arc - ok 21:21:21.0310 1060 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 21:21:21.0317 1060 arcsas - ok 21:21:21.0336 1060 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:21:21.0359 1060 AsyncMac - ok 21:21:21.0386 1060 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:21:21.0393 1060 atapi - ok 21:21:21.0426 1060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:21:21.0457 1060 AudioEndpointBuilder - ok 21:21:21.0464 1060 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:21:21.0488 1060 AudioSrv - ok 21:21:21.0549 1060 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:21:21.0563 1060 avgntflt - ok 21:21:21.0594 1060 [ 34E9A86B0EF71BA72B58D72215EBFABC ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 21:21:21.0608 1060 avgtp - ok 21:21:21.0644 1060 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:21:21.0659 1060 avipbb - ok 21:21:21.0687 1060 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:21:21.0699 1060 avkmgr - ok 21:21:21.0742 1060 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe 21:21:21.0766 1060 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 21:21:21.0766 1060 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 21:21:21.0792 1060 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys 21:21:21.0804 1060 avmeject - ok 21:21:21.0828 1060 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV 
C:\Windows\System32\AxInstSV.dll 21:21:21.0865 1060 AxInstSV - ok 21:21:21.0893 1060 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:21:21.0925 1060 b06bdrv - ok 21:21:21.0939 1060 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:21:21.0964 1060 b57nd60a - ok 21:21:21.0977 1060 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:21:21.0991 1060 BDESVC - ok 21:21:22.0004 1060 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:21:22.0062 1060 Beep - ok 21:21:22.0109 1060 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:21:22.0172 1060 BFE - ok 21:21:22.0201 1060 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 21:21:22.0228 1060 BITS - ok 21:21:22.0231 1060 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:21:22.0247 1060 blbdrive - ok 21:21:22.0273 1060 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:21:22.0318 1060 bowser - ok 21:21:22.0336 1060 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:21:22.0376 1060 BrFiltLo - ok 21:21:22.0379 1060 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:21:22.0393 1060 BrFiltUp - ok 21:21:22.0397 1060 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 21:21:22.0432 1060 BridgeMP - ok 21:21:22.0469 1060 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:21:22.0477 1060 Browser - ok 21:21:22.0490 1060 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:21:22.0505 1060 Brserid - ok 21:21:22.0519 1060 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:21:22.0528 1060 BrSerWdm - ok 21:21:22.0530 1060 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 21:21:22.0544 1060 BrUsbMdm - ok 21:21:22.0547 1060 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:21:22.0554 1060 BrUsbSer - ok 21:21:22.0565 1060 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:21:22.0574 1060 BTHMODEM - ok 21:21:22.0589 1060 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:21:22.0610 1060 bthserv - ok 21:21:22.0636 1060 catchme - ok 21:21:22.0650 1060 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:21:22.0672 1060 cdfs - ok 21:21:22.0689 1060 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:21:22.0708 1060 cdrom - ok 21:21:22.0727 1060 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:21:22.0749 1060 CertPropSvc - ok 21:21:22.0763 1060 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:21:22.0773 1060 circlass - ok 21:21:22.0784 1060 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:21:22.0793 1060 CLFS - ok 21:21:22.0853 1060 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:21:22.0866 1060 clr_optimization_v2.0.50727_32 - ok 21:21:22.0896 1060 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:21:22.0906 1060 clr_optimization_v2.0.50727_64 - ok 21:21:22.0982 1060 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:21:22.0990 1060 clr_optimization_v4.0.30319_32 - ok 21:21:23.0012 1060 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:21:23.0019 1060 clr_optimization_v4.0.30319_64 - ok 21:21:23.0026 1060 [ 
21:21:36.0171 1060 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:21:36.0199 1060 TDTCP - ok 21:21:36.0217 1060 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:21:36.0242 1060 tdx - ok 21:21:36.0258 1060 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:21:36.0265 1060 TermDD - ok 21:21:36.0288 1060 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:21:36.0312 1060 TermService - ok 21:21:36.0328 1060 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:21:36.0351 1060 Themes - ok 21:21:36.0373 1060 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:21:36.0395 1060 THREADORDER - ok 21:21:36.0405 1060 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:21:36.0427 1060 TrkWks - ok 21:21:36.0457 1060 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:21:36.0495 1060 TrustedInstaller - ok 21:21:36.0512 1060 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:21:36.0539 1060 tssecsrv - ok 21:21:36.0570 1060 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:21:36.0577 1060 TsUsbFlt - ok 21:21:36.0618 1060 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:21:36.0655 1060 tunnel - ok 21:21:36.0674 1060 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:21:36.0681 1060 uagp35 - ok 21:21:36.0700 1060 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:21:36.0723 1060 udfs - ok 21:21:36.0742 1060 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:21:36.0772 1060 UI0Detect - ok 21:21:36.0793 1060 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:21:36.0807 1060 
uliagpkx - ok 21:21:36.0829 1060 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:21:36.0845 1060 umbus - ok 21:21:36.0864 1060 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:21:36.0890 1060 UmPass - ok 21:21:36.0977 1060 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:21:37.0024 1060 UNS - ok 21:21:37.0082 1060 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe 21:21:37.0096 1060 Updater Service - ok 21:21:37.0111 1060 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:21:37.0173 1060 upnphost - ok 21:21:37.0192 1060 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:21:37.0218 1060 usbaudio - ok 21:21:37.0252 1060 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:21:37.0280 1060 usbccgp - ok 21:21:37.0295 1060 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:21:37.0307 1060 usbcir - ok 21:21:37.0319 1060 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:21:37.0326 1060 usbehci - ok 21:21:37.0343 1060 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:21:37.0352 1060 usbhub - ok 21:21:37.0366 1060 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:21:37.0379 1060 usbohci - ok 21:21:37.0404 1060 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:21:37.0414 1060 usbprint - ok 21:21:37.0462 1060 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:21:37.0480 1060 usbscan - ok 21:21:37.0498 1060 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:21:37.0512 1060 USBSTOR - ok 21:21:37.0525 1060 
[ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:21:37.0545 1060 usbuhci - ok 21:21:37.0558 1060 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:21:37.0585 1060 UxSms - ok 21:21:37.0587 1060 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:21:37.0596 1060 VaultSvc - ok 21:21:37.0613 1060 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:21:37.0621 1060 vdrvroot - ok 21:21:37.0643 1060 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:21:37.0673 1060 vds - ok 21:21:37.0683 1060 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:21:37.0693 1060 vga - ok 21:21:37.0709 1060 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:21:37.0746 1060 VgaSave - ok 21:21:37.0758 1060 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:21:37.0766 1060 vhdmp - ok 21:21:37.0785 1060 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:21:37.0792 1060 viaide - ok 21:21:37.0816 1060 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:21:37.0823 1060 volmgr - ok 21:21:37.0857 1060 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:21:37.0867 1060 volmgrx - ok 21:21:37.0881 1060 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:21:37.0891 1060 volsnap - ok 21:21:37.0915 1060 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:21:37.0922 1060 vsmraid - ok 21:21:37.0958 1060 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:21:37.0992 1060 VSS - ok 21:21:38.0115 1060 [ 254E8F9BA44E9F55416B0E51DBFF3C5F ] vToolbarUpdater15.3.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe 21:21:38.0143 1060 
vToolbarUpdater15.3.0 - ok 21:21:38.0150 1060 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:21:38.0175 1060 vwifibus - ok 21:21:38.0195 1060 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:21:38.0220 1060 W32Time - ok 21:21:38.0236 1060 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:21:38.0243 1060 WacomPen - ok 21:21:38.0266 1060 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:21:38.0287 1060 WANARP - ok 21:21:38.0289 1060 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:21:38.0311 1060 Wanarpv6 - ok 21:21:38.0343 1060 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:21:38.0371 1060 wbengine - ok 21:21:38.0390 1060 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:21:38.0402 1060 WbioSrvc - ok 21:21:38.0434 1060 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:21:38.0460 1060 wcncsvc - ok 21:21:38.0474 1060 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:21:38.0489 1060 WcsPlugInService - ok 21:21:38.0502 1060 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:21:38.0508 1060 Wd - ok 21:21:38.0547 1060 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:21:38.0561 1060 Wdf01000 - ok 21:21:38.0568 1060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:21:38.0579 1060 WdiServiceHost - ok 21:21:38.0581 1060 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:21:38.0592 1060 WdiSystemHost - ok 21:21:38.0609 1060 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:21:38.0621 1060 WebClient - ok 21:21:38.0632 1060 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc 
C:\Windows\system32\wecsvc.dll 21:21:38.0667 1060 Wecsvc - ok 21:21:38.0683 1060 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:21:38.0711 1060 wercplsupport - ok 21:21:38.0734 1060 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:21:38.0772 1060 WerSvc - ok 21:21:38.0783 1060 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:21:38.0804 1060 WfpLwf - ok 21:21:38.0806 1060 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:21:38.0813 1060 WIMMount - ok 21:21:38.0827 1060 WinDefend - ok 21:21:38.0843 1060 WinHttpAutoProxySvc - ok 21:21:38.0885 1060 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:21:38.0931 1060 Winmgmt - ok 21:21:38.0983 1060 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:21:39.0040 1060 WinRM - ok 21:21:39.0093 1060 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:21:39.0109 1060 WinUsb - ok 21:21:39.0138 1060 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:21:39.0162 1060 Wlansvc - ok 21:21:39.0292 1060 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:21:39.0327 1060 wlidsvc - ok 21:21:39.0348 1060 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:21:39.0355 1060 WmiAcpi - ok 21:21:39.0373 1060 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:21:39.0382 1060 wmiApSrv - ok 21:21:39.0399 1060 WMPNetworkSvc - ok 21:21:39.0412 1060 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:21:39.0419 1060 WPCSvc - ok 21:21:39.0427 1060 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:21:39.0436 1060 WPDBusEnum - ok 21:21:39.0445 1060 [ 6BCC1D7D2FD2453957C5479A32364E52 ] 
ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:21:39.0476 1060 ws2ifsl - ok 21:21:39.0491 1060 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 21:21:39.0512 1060 wscsvc - ok 21:21:39.0515 1060 WSearch - ok 21:21:39.0565 1060 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:21:39.0600 1060 wuauserv - ok 21:21:39.0619 1060 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:21:39.0626 1060 WudfPf - ok 21:21:39.0644 1060 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:21:39.0652 1060 WUDFRd - ok 21:21:39.0662 1060 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:21:39.0670 1060 wudfsvc - ok 21:21:39.0682 1060 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:21:39.0691 1060 WwanSvc - ok 21:21:39.0706 1060 ================ Scan global =============================== 21:21:39.0718 1060 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:21:39.0747 1060 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:21:39.0751 1060 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:21:39.0763 1060 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:21:39.0783 1060 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:21:39.0785 1060 [Global] - ok 21:21:39.0785 1060 ================ Scan MBR ================================== 21:21:39.0794 1060 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:21:40.0043 1060 \Device\Harddisk0\DR0 - ok 21:21:40.0044 1060 ================ Scan VBR ================================== 21:21:40.0046 1060 [ 91E4E51D1BEF86B0BEB21894E86E158A ] \Device\Harddisk0\DR0\Partition1 21:21:40.0048 1060 \Device\Harddisk0\DR0\Partition1 - ok 21:21:40.0055 1060 [ 17E2B3A729F0C3F2582333416D6F4FB8 ] \Device\Harddisk0\DR0\Partition2 21:21:40.0056 1060 
\Device\Harddisk0\DR0\Partition2 - ok
21:21:40.0081 1060 [ A2952948BEB40E28E0A54F598F77ABD2 ] \Device\Harddisk0\DR0\Partition3
21:21:40.0083 1060 \Device\Harddisk0\DR0\Partition3 - ok
21:21:40.0084 1060 ============================================================
21:21:40.0084 1060 Scan finished
21:21:40.0084 1060 ============================================================
21:21:40.0093 1328 Detected object count: 1
21:21:40.0093 1328 Actual detected object count: 1
21:21:56.0075 1328 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:56.0075 1328 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:22:10.0533 5500 Deinitialize success |
12.08.2013, 15:57 | #6 |
/// Malware-holic | Ads everywhere Hi, and could you perhaps also tell me what was not removed? That makes the work a great deal easier.... Also have a look with Revo to see whether you can find the programs. |
13.08.2013, 07:15 | #7 |
| Ads everywhere Not with Revo either. It is all the games and that sort of thing, i.e. Bejeweled etc. |
13.08.2013, 17:22 | #8 |
/// Malware-holic | Ads everywhere Hi, OK, let's continue with this. Three logs need to be created; please post them all at the same time.
1. Please download AdwCleaner to your desktop.
Restart.
2. Please close your protection software to avoid possible conflicts.
Restart.
3. HitmanPro - Download - Filepony Load HitmanPro, double-click it, click Scan. Save the log and post it, or export it as XML, pack it and attach it. Close HitmanPro.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.08.2013, 11:48 | #9 |
| Ads everywhere ADW Code:
# AdwCleaner v3.000 - Report created 15/08/2013 at 12:33:42
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rene - COMPUTER
# Running from : C:\Users\Rene\Downloads\adwcleaner.exe

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\LyricsPal
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Rene\AppData\Roaming\Babylon

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\5a68bdae53eed10
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vegas-pro_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5AC1A638-313E-4C1D-8579-D1687644E095}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5AC1A638-313E-4C1D-8579-D1687644E095}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72082FCF-9791-4192-81CB-DA086C490CEB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b54e96c1-85c3-410a-8db1-c276bc3535c4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54e96c1-85c3-410a-8db1-c276bc3535c4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4f78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker
Key Deleted : HKLM\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI [#]
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@lyricspal.co

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] No bad entry found.

-\\ Mozilla Firefox v22.0 (de)

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{9309FA47-1B48-4768-AFA4-9E0556F5DC81}]
File Deleted : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\user.js

[ File : C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\qkvom1zb.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "8");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "1C1BD8561913FCD0A8FBDD8F023D6E05");
Line Deleted : user_pref("extensions.delta.id", "10e3a21a000000000000bc05430be1a6");
Line Deleted : user_pref("extensions.delta.instlDay", "15925");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.020:35:43");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.020:35:43");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123976&tt=070813_wt3&tsp=4968");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[0].txt - [4680 octets] - [15/08/2013 12:33:42]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [4739 octets] ##########

JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rene on 15.08.2013 at 12:37:38,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASDLG
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Lyrics-Pal Update.job
Successfully deleted: [File] C:\Windows\prefetch\LYRICS.EXE-DC13D20B.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Rene\AppData\Roaming\mozilla\firefox\profiles\qkvom1zb.default\minidumps [41 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.08.2013 at 12:40:28,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hitman Pro Code:
HitmanPro 3.7.7.203
www.hitmanpro.com

Computer name . . . . : COMPUTER
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : Computer\Rene
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-08-15 12:43:27
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 39s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 7
Traces . . . . . . . : 819

Objects scanned . . . : 1.509.107
Files scanned . . . . : 21.617
Remnants scanned . . : 509.614 files / 977.876 keys

Malware _____________________________________________________________________

C:\Users\Rene\Downloads\JRT.exe
Size . . . . . . . : 1.158.897 bytes
Age . . . . . . . : 1.0 days (2013-08-14 13:21:55)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 4724C5E19DA74197D1B4A2A4851EE907548BA06ACFAB2B6D7B3C878A9052C8D7
Product . . . . . : Junkware Removal Tool
Publisher . . . . : Thisisu
> Ikarus . . . . . . : Virus.Win32.PePatch!IK
Fuzzy . . . . . . : 117.0
Forensic Cluster
-19.2s C:\Users\Rene\Downloads\adwcleaner.exe
-1.0s C:\Users\Rene\Downloads\JRT.exe
17.1s C:\Users\Rene\Downloads\HitmanPro_x64.exe
33.6s C:\Users\Rene\Downloads\HitmanPro_x64(1).exe

Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
HKU\.DEFAULT\Software\Ask.com\ (AskBar)
HKU\.DEFAULT\Software\AskToolbar\ (AskBar)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
HKU\S-1-5-18\Software\Ask.com\ (AskBar)
HKU\S-1-5-18\Software\AskToolbar\ (AskBar)
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
HKU\S-1-5-21-2156778911-2319240665-715706893-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
|
15.08.2013, 15:37 | #10 |
/// Malware-holic | Ads everywhere Hi, please close all browsers and let HitmanPro delete everything it found. Restart, then a new FRST log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |