Log analysis and evaluation: Windows Firewall cannot be activated
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.08.2013, 18:50 | #1 |
| Windows Firewall cannot be activated
Hello, I can no longer activate my Windows Firewall. When I try, this error message appears: "Aufgrund eines unbekannten Problems können die Einstellungen der Windows-Firewall nicht angezeigt werden". I have already tried the following, but it did not work: hxxp://support.microsoft.com/kb/920074 My operating system is Vista. I previously had the Comodo Firewall, but had to uninstall it because of compatibility problems with the Avira update. Can you help me? Thanks! Edited by Boris.K (22.08.2013 at 18:56) |
22.08.2013, 19:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be activated
Hello and
Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! In addition, please also create a log with Farbar's tool: Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
22.08.2013, 19:33 | #3 |
| Windows Firewall cannot be activated
Hi,
here is the log file from Avira: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 19. August 2013 21:13 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows (TM) Vista Home Premium Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : BK-PC Versionsinformationen: BUILD.DAT : 13.0.0.3885 54851 Bytes 01.08.2013 08:55:00 AVSCAN.EXE : 13.6.0.1722 634936 Bytes 19.08.2013 18:05:24 AVSCANRC.DLL : 13.6.0.1550 62520 Bytes 19.08.2013 18:05:24 LUKE.DLL : 13.6.0.1550 65080 Bytes 19.08.2013 18:06:05 AVSCPLR.DLL : 13.6.0.1712 92216 Bytes 19.08.2013 18:05:24 AVREG.DLL : 13.6.0.1550 247864 Bytes 19.08.2013 18:05:23 avlode.dll : 13.6.2.1704 449592 Bytes 19.08.2013 18:05:21 avlode.rdf : 13.0.1.32 27196 Bytes 19.08.2013 18:06:51 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:30:41 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 08:07:47 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:40:38 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 01:13:33 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 19:15:49 VBASE005.VDF : 7.11.91.177 2048 Bytes 23.07.2013 19:15:50 VBASE006.VDF : 7.11.91.178 2048 Bytes 23.07.2013 19:15:50 VBASE007.VDF : 7.11.91.179 2048 Bytes 23.07.2013 19:15:50 VBASE008.VDF : 7.11.91.180 2048 Bytes 23.07.2013 19:15:50 VBASE009.VDF : 7.11.91.181 2048 Bytes 23.07.2013 19:15:50 VBASE010.VDF : 7.11.91.182 2048 Bytes 23.07.2013 19:15:50 VBASE011.VDF : 7.11.91.183 2048 Bytes 23.07.2013 19:15:50 VBASE012.VDF : 7.11.91.184 2048 Bytes 23.07.2013 19:15:50 VBASE013.VDF : 7.11.92.32 156160 Bytes 24.07.2013 19:15:50 VBASE014.VDF : 7.11.92.147 168960 Bytes 25.07.2013 19:15:50 VBASE015.VDF : 7.11.93.93 419328 Bytes 28.07.2013 21:08:07 VBASE016.VDF : 7.11.93.170 1403392 Bytes 29.07.2013 21:08:26 VBASE017.VDF : 7.11.94.31 222208 Bytes 31.07.2013 02:44:29 VBASE018.VDF : 7.11.94.141 273408 
Bytes 03.08.2013 19:17:38 VBASE019.VDF : 7.11.94.203 200192 Bytes 04.08.2013 19:17:38 VBASE020.VDF : 7.11.95.8 1925632 Bytes 05.08.2013 19:17:40 VBASE021.VDF : 7.11.95.81 203776 Bytes 06.08.2013 21:15:03 VBASE022.VDF : 7.11.95.175 148480 Bytes 07.08.2013 18:11:05 VBASE023.VDF : 7.11.95.248 1224192 Bytes 09.08.2013 18:10:58 VBASE024.VDF : 7.11.96.43 861184 Bytes 10.08.2013 22:24:28 VBASE025.VDF : 7.11.97.50 1084416 Bytes 19.08.2013 17:54:50 VBASE026.VDF : 7.11.97.51 2048 Bytes 19.08.2013 17:54:50 VBASE027.VDF : 7.11.97.52 2048 Bytes 19.08.2013 17:54:50 VBASE028.VDF : 7.11.97.53 2048 Bytes 19.08.2013 17:54:50 VBASE029.VDF : 7.11.97.54 2048 Bytes 19.08.2013 17:54:50 VBASE030.VDF : 7.11.97.55 2048 Bytes 19.08.2013 17:54:50 VBASE031.VDF : 7.11.97.78 127488 Bytes 19.08.2013 18:04:59 Engineversion : 8.2.12.106 AEVDF.DLL : 8.1.3.4 102774 Bytes 16.06.2013 18:57:26 AESCRIPT.DLL : 8.1.4.142 512382 Bytes 17.08.2013 22:24:37 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 18:42:18 AESBX.DLL : 8.2.16.22 1241464 Bytes 17.08.2013 22:24:37 AERDL.DLL : 8.2.0.128 688504 Bytes 16.06.2013 18:57:26 AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 21:23:21 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 08.08.2013 18:11:22 AEHEUR.DLL : 8.1.4.556 6115706 Bytes 17.08.2013 22:24:36 AEHELP.DLL : 8.1.27.4 266617 Bytes 28.06.2013 01:13:32 AEGEN.DLL : 8.1.7.12 442743 Bytes 08.08.2013 18:11:09 AEEXP.DLL : 8.4.1.46 287095 Bytes 08.08.2013 18:11:26 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 21:29:31 AECORE.DLL : 8.1.31.6 201081 Bytes 28.06.2013 01:13:32 AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 18:22:21 AVWINLL.DLL : 13.6.0.1550 23608 Bytes 19.08.2013 18:04:54 AVPREF.DLL : 13.6.0.1550 48184 Bytes 19.08.2013 18:05:23 AVREP.DLL : 13.6.0.1550 175672 Bytes 19.08.2013 18:05:23 AVARKT.DLL : 13.6.0.1626 258104 Bytes 19.08.2013 18:05:12 AVEVTLOG.DLL : 13.6.0.1550 164920 Bytes 19.08.2013 18:05:14 SQLITE3.DLL : 3.7.0.1 394824 Bytes 19.08.2013 18:06:22 AVSMTP.DLL : 13.6.0.1550 59960 Bytes 19.08.2013 18:05:26 NETNT.DLL : 
13.6.0.1550 13368 Bytes 19.08.2013 18:06:09 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 19.08.2013 18:04:55 RCTEXT.DLL : 13.6.0.1624 67128 Bytes 19.08.2013 18:04:56 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_52126138\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Montag, 19. 
August 2013 21:13 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'a2service.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht Durchsuche Prozess 'STacSV64.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'DockLogin.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'WLTRYSVC.EXE' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'bcmwltry.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'AESTSr64.exe' - '5' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '145' Modul(e) wurden durchsucht Durchsuche 
Prozess 'taskeng.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'quickset.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'WLTRAY.EXE' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'DellDock.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'DataSafeOnline.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVDDXSrv.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '161' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'sprtsvc.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '101' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '66' 
Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunes.exe' - '150' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceHelper.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'distnoted.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'APSDaemon.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b' [0] Archivtyp: RSRC --> C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b [1] Archivtyp: ZIP --> Archive.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.42 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Dtoa.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.22 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Gem.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.B.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Golopogos.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.19 [WARNUNG] 
Infizierte Dateien in Archiven können nicht repariert werden --> Intoma.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.32 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Keitering.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.47 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Kimsufif.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4255 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Krabbe.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.39 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Naub.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.43 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Potk.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.41 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Ro.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.18 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Tanek.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.17 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Pirna.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4251 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4251 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5767fb7c.qua' verschoben! Ende des Suchlaufs: Montag, 19. August 2013 21:15 Benötigte Zeit: 01:40 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 1854 Dateien wurden geprüft 14 Viren bzw. 
unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1840 Dateien ohne Befall 4 Archive wurden durchsucht 13 Warnungen 1 Hinweise Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.18.01 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 BK :: BK-PC [Administrator] 21.08.2013 00:22:23 mbam-log-2013-08-21 (00-22-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 424591 Laufzeit: 1 Stunde(n), 42 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\BK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 2 HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\Users\BK\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\Users\BK\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart. C:\Users\BK\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart. 
Infizierte Dateien: 35 C:\Users\BK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JHBW6UU\LyricsGet_1060-1054_v122[1].exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JHBW6UU\MinibarChrome[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DLS3UQL\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DLS3UQL\iminent[1].msi (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\IminentSetup[1].exe (PUP.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\MixiSmart[1].exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\1_Offer_3.exe (PUP.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\BK\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. 
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart. (Ende)
Here is the FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 Ran by BK (administrator) on 22-08-2013 20:24:28 Running from C:\Users\BK\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE (Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Dropbox, Inc.) 
C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.) HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? 
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [2928040 2013-08-18] (Emsisoft GmbH) HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] () HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-19] (Avira Operations GmbH & Co. KG) AppInit_DLLs: [0 ] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dfitrbruvdigcsdwlpv.lnk Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default FF user.js: detected! => C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\user.js FF NewTab: hxxp://www.google.com/firefox FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com/firefox FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\searchplugins\mixidj.xml FF Extension: LyricsGet - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\128 FF Extension: Bitdefender QuickScan - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\BK\AppData\Roaming\11016 FF Extension: Java Link Helper - C:\Users\BK\AppData\Roaming\11016 Chrome: ======= CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\BORISK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0 ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-08-18] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-19] (Avira Operations GmbH & Co. KG) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE [32768 2008-12-21] () ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-19] (Avira Operations GmbH & Co. KG) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH) R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.) R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-22 20:22 - 2013-08-22 20:22 - 01576476 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe 2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG 2013-08-22 19:12 - 2013-08-22 19:25 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg 2013-08-22 19:11 - 2013-08-22 19:11 - 00001098 _____ C:\Users\BK\Downloads\sharedaccess.zip 2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe 2013-08-20 23:47 - 2013-08-20 23:55 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome 2013-08-20 23:44 - 2013-08-20 23:44 - 00000000 ____D C:\ProgramData\Babylon 2013-08-20 23:43 - 2013-08-21 00:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk 2013-08-20 23:41 - 2013-08-20 23:41 - 00894600 _____ (CNET Download.com) C:\Users\BK\Downloads\cbsidlm-cbsi134-Free_Flac_to_MP3-ORG-75758784.exe 2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira 2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-19 20:17 - 2013-08-19 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-19 20:17 - 2013-08-19 20:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-19 20:17 - 2013-08-19 20:06 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-19 20:16 - 2013-08-19 20:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-18 12:08 - 2013-08-18 12:11 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe 2013-08-18 12:03 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-18 12:03 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-18 12:03 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-18 12:03 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-18 12:03 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-18 12:03 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-18 12:03 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-18 12:03 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-18 12:03 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-18 12:03 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2013-08-18 12:03 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-18 12:03 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-18 12:03 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-18 12:03 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-18 12:03 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-18 12:03 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-18 12:03 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-18 12:03 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-18 12:03 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-18 12:03 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-18 12:03 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-18 12:03 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 __SHD C:\found.000 2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ 
C:\ProgramData\dfitrbruvdigcsdwlpv.reg 2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat 2013-08-18 00:32 - 2013-07-17 22:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-18 00:32 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-18 00:32 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-18 00:32 - 2013-07-10 11:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-18 00:32 - 2013-07-09 14:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-18 00:32 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-18 00:32 - 2013-07-08 06:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-18 00:32 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-18 00:32 - 2013-07-08 06:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-18 00:32 - 2013-07-08 06:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-18 00:32 - 2013-07-08 06:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-18 00:32 - 2013-07-08 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-18 00:32 - 2013-07-08 06:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-18 00:32 - 2013-07-08 06:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-18 00:32 - 
2013-07-08 06:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-18 00:32 - 2013-07-08 06:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-18 00:32 - 2013-07-08 03:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-18 00:32 - 2013-07-08 03:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-18 00:32 - 2013-07-08 03:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-18 00:32 - 2013-07-05 06:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-18 00:32 - 2013-06-15 15:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-08-18 00:32 - 2013-06-15 13:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== One Month Modified Files and Folders ======= 2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST 2013-08-22 20:22 - 2013-08-22 20:22 - 01576476 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe 2013-08-22 20:21 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-22 20:21 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-22 20:16 - 2012-10-10 22:56 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG 2013-08-22 19:58 - 2012-09-02 13:13 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-22 19:51 - 2012-08-09 22:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-22 19:31 - 
2009-08-05 13:00 - 01700706 _____ C:\Windows\WindowsUpdate.log 2013-08-22 19:28 - 2012-04-01 22:12 - 00000000 ___RD C:\Users\BK\Dropbox 2013-08-22 19:28 - 2012-04-01 22:08 - 00000000 ____D C:\Users\BK\AppData\Roaming\Dropbox 2013-08-22 19:27 - 2012-09-02 13:13 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-22 19:26 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-22 19:25 - 2013-08-22 19:12 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg 2013-08-22 19:25 - 2006-11-02 17:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-22 19:11 - 2013-08-22 19:11 - 00001098 _____ C:\Users\BK\Downloads\sharedaccess.zip 2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe 2013-08-22 00:59 - 2012-04-22 03:02 - 00003758 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C} 2013-08-21 08:23 - 2012-08-25 02:15 - 00034466 _____ C:\Windows\PFRO.log 2013-08-21 00:26 - 2012-10-10 22:42 - 00000000 ____D C:\Users\BK\AppData\Roaming\QuickScan 2013-08-21 00:12 - 2013-08-20 23:43 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-21 00:12 - 2012-04-01 10:35 - 00000000 ___RD C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-20 23:55 - 2013-08-20 23:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-20 23:54 - 2012-08-09 22:39 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 23:53 - 2012-04-01 17:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 23:53 - 2012-04-01 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome 2013-08-20 23:45 - 2012-04-01 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-20 23:44 - 2013-08-20 23:44 - 
00000000 ____D C:\ProgramData\Babylon 2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk 2013-08-20 23:41 - 2013-08-20 23:41 - 00894600 _____ (CNET Download.com) C:\Users\BK\Downloads\cbsidlm-cbsi134-Free_Flac_to_MP3-ORG-75758784.exe 2013-08-19 22:40 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-19 22:40 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat 2013-08-19 22:40 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat 2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira 2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-19 20:17 - 2013-08-19 20:16 - 00000000 ____D C:\ProgramData\Avira 2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-19 20:06 - 2013-08-19 20:17 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-19 20:06 - 2013-08-19 20:17 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-19 20:06 - 2013-08-19 20:17 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-18 17:01 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache 2013-08-18 12:11 - 2013-08-18 12:08 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe 2013-08-18 12:07 - 2006-11-02 14:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 __SHD C:\found.000 2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg 2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat 2013-08-18 00:50 - 2012-04-19 22:59 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-08-18 00:48 - 2012-04-19 22:59 - 00000000 ____D C:\ProgramData\Comodo 2013-08-06 23:50 - 2012-09-16 15:21 - 00006656 _____ C:\Users\BORISK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-03 12:48 - 2012-04-03 00:08 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\Adobe 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-03 05:05 - 2012-09-02 13:14 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-25 05:54 - 2013-08-18 12:03 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-25 05:37 - 2013-08-18 12:03 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-25 05:35 - 2013-08-18 12:03 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-25 05:31 - 2013-08-18 12:03 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-25 05:30 - 2013-08-18 12:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-25 05:29 - 2013-08-18 12:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-25 05:29 - 2013-08-18 12:03 - 
00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-25 05:29 - 2013-08-18 12:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-25 05:27 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-25 05:27 - 2013-08-18 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-25 05:26 - 2013-08-18 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-25 04:40 - 2013-08-18 12:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 04:32 - 2013-08-18 12:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 04:30 - 2013-08-18 12:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 04:26 - 2013-08-18 12:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 04:26 - 2013-08-18 12:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 04:25 - 2013-08-18 12:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-25 04:24 - 2013-08-18 12:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-25 04:24 - 2013-08-18 12:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 01796096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-25 04:22 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 04:22 - 2013-08-18 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 04:22 - 2013-08-18 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-627939072-2950054468-2049668736-1000\$868f5a3cfc42a8ab921613f554dfd63b
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$868f5a3cfc42a8ab921613f554dfd63b

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.bat
C:\ProgramData\H6Sq7Tt.pad
C:\ProgramData\H6Sq7Tt.reg

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 19:33

==================== End Of Log ============================
--- --- ---

And here is the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by BK at 2013-08-22 20:27:17
Running from C:\Users\BK\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9 - Deutsch (x32 Version: 9.0.0)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Control Center (x32 Version: 2.008.1114.2148)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Light (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center InstallProxy (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Danish (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization French (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization German (x32 Version: 2008.1114.2149.39131)
Catalyst Control
Center Localization Italian (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Japanese (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Korean (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Norwegian (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Portuguese (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Russian (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Spanish (x32 Version: 2008.1114.2149.39131) Catalyst Control Center Localization Swedish (x32 Version: 2008.1114.2149.39131) CCC Help Chinese Standard (x32 Version: 2008.1114.2148.39131) CCC Help Chinese Traditional (x32 Version: 2008.1114.2148.39131) CCC Help Danish (x32 Version: 2008.1114.2148.39131) CCC Help Dutch (x32 Version: 2008.1114.2148.39131) CCC Help English (x32 Version: 2008.1114.2148.39131) CCC Help Finnish (x32 Version: 2008.1114.2148.39131) CCC Help French (x32 Version: 2008.1114.2148.39131) CCC Help German (x32 Version: 2008.1114.2148.39131) CCC Help Italian (x32 Version: 2008.1114.2148.39131) CCC Help Japanese (x32 Version: 2008.1114.2148.39131) CCC Help Korean (x32 Version: 2008.1114.2148.39131) CCC Help Norwegian (x32 Version: 2008.1114.2148.39131) CCC Help Portuguese (x32 Version: 2008.1114.2148.39131) CCC Help Russian (x32 Version: 2008.1114.2148.39131) CCC Help Spanish (x32 Version: 2008.1114.2148.39131) CCC Help Swedish (x32 Version: 2008.1114.2148.39131) ccc-core-static (x32 Version: 2008.1114.2149.39131) ccc-utility64 (Version: 2008.1114.2149.39131) CCleaner (Version: 3.21) Choice Guard (x32 Version: 1.2.87.0) Cisco EAP-FAST Module (x32 Version: 2.1.6) Cisco LEAP Module (x32 Version: 1.0.12) Cisco PEAP Module (x32 Version: 1.0.13) Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014) Dell DataSafe Online (x32 Version: 1.1.0027) Dell Dock (Version: 1.0.0) Dell Edoc Viewer (Version: 1.0.0) Dell Getting Started Guide (x32 
Version: 1.00.0000) Dell Support Center (Support Software) (x32 Version: 2.5.09100) Dell Touchpad (Version: 12.0.1.0) Dell Video Chat (x32 Version: 6.0 (6567)) Dell Webcam Central (x32 Version: 1.03.04) Dropbox (HKCU Version: 2.0.22) Duke Nukem 3D (x32 Version: 2.0.0.84) Emsisoft Anti-Malware (x32 Version: 7.0) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Hex-Editor MX (x32 Version: 6.0) iCloud (Version: 1.1.0.40) Integrated Webcam Driver (1.04.01.0601) (Version: 1.04.01.0601) iTunes (Version: 11.0.4.4) Java Auto Updater (x32 Version: 2.0.7.1) Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130) Java(TM) 6 Update 31 (x32 Version: 6.0.310) Junk Mail filter update (x32 Version: 14.0.8050.1202) l Wireless WLAN Card Utility (Version: 5.10.38.30) Live! Cam Avatar Creator (x32 Version: 4.6.2919.1) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) McAfee Security Scan Plus (x32 Version: 3.0.318.3) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Default Manager (x32 Version: 2.0.69.0) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (x32 Version: 
12.0.4518.1014) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Suite Activation Assistant (x32 Version: 2.9) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Search Enhancement Pack (x32 Version: 1.2.121.0) Microsoft Silverlight (x32 Version: 2.0.31005.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 14.0.1468.721) OpenOffice.org 3.3 (x32 Version: 3.3.9567) PowerDVD (x32 Version: 8.1) Quickset (Version: 9.2.13) Roxio Creator Audio (x32 Version: 3.7.0) Roxio Creator Copy (x32 Version: 3.7.0) Roxio Creator Data (x32 Version: 3.7.0) Roxio Creator DE (x32 Version: 10.1) Roxio Creator DE (x32 Version: 3.7.0) Roxio Creator Tools (x32 Version: 3.7.0) Roxio Express 
Labeler 3 (x32 Version: 3.2.1) Roxio Update Manager (x32 Version: 6.0.0) Skins (x32 Version: 2008.1114.2149.39131) Skype™ 6.1 (x32 Version: 6.1.129) Speed-Link SL-6535 USB Pad (x32 Version: 1.00.0000) Spotify (HKCU Version: 0.8.4.124.ga3559d86) Ultima 4 - Quest of the Avatar (x32) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) WAV To MP3 V2 (x32) Windows Live Anmelde-Assistent (x32 Version: 5.000.817.1) Windows Live Call (x32 Version: 14.0.8050.1202) Windows Live Communications Platform (x32 Version: 14.0.8050.1202) Windows Live Essentials (x32 Version: 14.0.8050.1202) Windows Live Fotogalerie (x32 Version: 14.0.8051.1204) Windows Live Mail (x32 Version: 14.0.8050.1202) Windows Live Messenger (x32 Version: 14.0.8050.1202) Windows Live Sync (x32 Version: 14.0.8050.1202) Windows Live Toolbar (x32 Version: 14.0.8052.1208) Windows Live Writer (x32 Version: 14.0.8050.1202) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) WinRAR 4.11 (64-Bit) (Version: 4.11.0) Worlds of Ultima - The Savage Empire (x32) ==================== Restore Points ========================= 28-07-2013 23:26:49 Geplanter Prüfpunkt 04-08-2013 23:40:58 Geplanter Prüfpunkt 09-08-2013 00:51:49 Geplanter Prüfpunkt 09-08-2013 18:38:32 Geplanter Prüfpunkt 17-08-2013 22:49:10 Removed GeekBuddy. 
18-08-2013 10:01:55 Windows Update 19-08-2013 22:15:45 Avira DE-Cleaner - 20.08.2013 00:15 21-08-2013 00:54:21 Geplanter Prüfpunkt 22-08-2013 01:42:09 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {2DE7684B-FA7A-4B3E-964B-21F0743BFB03} - System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C} => C:\Windows\system32\msfeedssync.exe [2012-04-21] (Microsoft Corporation) Task: {2E5509C3-3C78-41E9-B4CE-C4C320C8853F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {476B90B5-F762-4BCA-90B6-FDB17957F184} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated) Task: {4A14917C-2003-43C9-9319-822B8376A3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {8AC3418B-4FAD-41CB-A94F-92A79038ECA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.) 
Task: {96A924C4-BFA8-4093-BF41-357E34ACCE97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd) Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {BD628A6A-F771-4F40-9805-ADA205B78812} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.) Task: {D7299801-E8FE-4538-AA44-0AF775CB8689} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/22/2013 07:27:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2013 07:14:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2013 07:07:57 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, 
fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668, Prozess-ID 0x10d4, Anwendungsstartzeit firefox.exe0. Error: (08/22/2013 07:03:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2013 08:14:45 AM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/22/2013 00:15:51 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/21/2013 08:30:02 AM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/21/2013 08:25:35 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/21/2013 00:09:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/21/2013 00:05:34 AM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) 
(User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (08/22/2013 07:25:29 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (08/22/2013 07:25:28 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (08/22/2013 07:12:40 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (08/22/2013 07:03:02 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-21 01:30:26.765 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:26.313 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-21 01:30:25.860 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:25.408 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:24.955 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:24.503 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:23.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:23.489 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-21 01:30:23.021 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-21 01:30:22.584 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 4059.94 MB Available physical RAM: 1622.31 MB Total Pagefile: 8349.17 MB Available Pagefile: 5558.38 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:132.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: DEFC2293) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.08.2013, 19:44 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be enabled Quote:
Reading material: Rootkit warning. Your computer has been infected with a particular kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, meaning it deliberately tears holes through all protective measures so that it can download further malicious code or pass the data it collects on to the "bad guys". What does this mean for you?
__________________ Please always post log files in CODE tags |
22.08.2013, 20:03 | #5 |
| Windows Firewall cannot be enabled Hi, I would like to try the cleanup. |
22.08.2013, 20:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be enabled Then please run Combofix now: Scan with Combofix
22.08.2013, 21:17 | #7 |
| Windows Firewall cannot be enabled Here is the log file: (by the way, I could not disable Avira, not even via the Task Manager and the "Processes" tab) Code:
ATTFilter ComboFix 13-08-22.01 - BK 22.08.2013 21:51:59.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4060.1616 [GMT 2:00] ausgeführt von:: c:\users\BK\Downloads\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\0tbpw.pad c:\programdata\H6Sq7Tt.bat c:\programdata\H6Sq7Tt.pad c:\users\BK\AppData\Roaming\AcroIEHelpe.txt c:\users\BK\AppData\Roaming\Microsoft\~DFK977dc9.tmp c:\users\BK\AppData\Roaming\Microsoft\1eaadjc.dll c:\users\BK\AppData\Roaming\Microsoft\bass.dll c:\users\BK\AppData\Roaming\Microsoft\engine_vx.dll c:\users\BK\AppData\Roaming\Microsoft\kfgresk.dll c:\users\BK\AppData\Roaming\Microsoft\peaadje.dll c:\users\BK\AppData\Roaming\Microsoft\qwadjb.dll c:\users\BK\AppData\Roaming\Microsoft\rsaadjd.dll c:\users\BK\AppData\Roaming\srvblck5.tmp c:\windows\IsUn0407.exe D:\AUTORUN.INF . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-22 bis 2013-08-22 )))))))))))))))))))))))))))))) . . 2013-08-22 18:24 . 2013-08-22 18:24 -------- d-----w- C:\FRST 2013-08-20 21:45 . 2013-08-20 21:45 -------- d-----w- c:\users\BK\AppData\Local\avgchrome 2013-08-20 21:44 . 2013-08-20 21:44 -------- d-----w- c:\programdata\Babylon 2013-08-20 21:43 . 2013-08-20 22:12 -------- d-----w- c:\program files (x86)\MyPC Backup 2013-08-19 18:23 . 2013-08-19 18:23 -------- d-----w- c:\users\BK\AppData\Roaming\Avira 2013-08-19 18:17 . 2013-08-19 18:06 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-19 18:17 . 
2013-08-19 18:06 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-19 18:17 . 2013-08-19 18:06 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-19 18:16 . 2013-08-19 18:17 -------- d-----w- c:\programdata\Avira 2013-08-19 18:16 . 2013-08-19 18:16 -------- d-----w- c:\program files (x86)\Avira 2013-08-18 10:08 . 2013-08-18 10:11 -------- d-----w- c:\windows\system32\MRT 2013-08-18 09:52 . 2013-08-18 09:52 -------- d-----w- C:\found.000 2013-08-17 22:59 . 2013-08-17 22:59 70 ----a-w- c:\programdata\dfitrbruvdigcsdwlpv.bat 2013-08-17 22:59 . 2013-08-17 22:59 165 ----a-w- c:\programdata\dfitrbruvdigcsdwlpv.reg 2013-08-03 10:45 . 2013-08-03 10:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-08-03 10:45 . 2013-08-03 10:45 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2013-08-03 10:45 . 2013-08-03 10:45 263576 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-08-03 10:45 . 2013-08-03 10:45 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2013-08-03 10:45 . 2013-08-03 10:45 193824 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2013-08-03 10:45 . 2013-08-03 10:45 117144 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2013-08-03 10:45 . 2013-08-03 10:45 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2013-08-03 10:45 . 2013-08-03 10:45 92056 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-08-03 10:45 . 2013-08-03 10:45 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-08-03 10:45 . 2013-08-03 10:45 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-20 21:53 . 2012-04-01 15:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-20 21:53 . 
2012-04-01 15:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-18 10:07 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe 2013-07-08 04:16 . 2013-08-17 22:32 43008 ----a-w- c:\windows\apppatch\acwow64.dll 2013-06-04 02:03 . 2013-07-12 20:51 2775040 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 04:19 . 2013-07-12 20:52 619008 ----a-w- c:\windows\system32\qedit.dll 2013-06-01 04:06 . 2013-07-12 20:52 505344 ----a-w- c:\windows\SysWow64\qedit.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-08-18 2928040] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-19 345144] . c:\users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] . c:\users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288] Dropbox.lnk - c:\users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-5-28 1320288] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x] S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-03 02:59 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:54] . 2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 11:13] . 2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 11:13] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bing.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - user.js: extensions.mixidj.tlbrSrchUrl - FF - user.js: extensions.mixidj.id - fa79c3e200000000000000265e39a1fb FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916} FF - user.js: extensions.mixidj.instlDay - 15937 FF - user.js: extensions.mixidj.vrsn - 1.8.18.8 FF - user.js: extensions.mixidj.vrsni - 1.8.18.8 FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.823:45 FF - user.js: extensions.mixidj.prtnrId - mixidj FF - user.js: extensions.mixidj.prdct - mixidj FF - user.js: extensions.mixidj.aflt - babsst FF - user.js: extensions.mixidj.smplGrp - none FF - user.js: extensions.mixidj.tlbrId - baseyh FF - user.js: extensions.mixidj.instlRef - sst FF - user.js: extensions.mixidj.dfltLng - de FF - user.js: extensions.mixidj.excTlbr - false FF - user.js: extensions.mixidj.ffxUnstlRst - false FF - user.js: extensions.mixidj.admin - false FF - user.js: extensions.mixidj.autoRvrt - false FF - user.js: extensions.mixidj.rvrt - false FF - user.js: extensions.mixidj.newTab - false FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
c:\users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dfitrbruvdigcsdwlpv.lnk - (no file) SafeBoot-CleanHlp SafeBoot-CleanHlp.sys SafeBoot-WudfPf SafeBoot-WudfRd HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-08-22 22:10:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-08-22 20:10 . Vor Suchlauf: 20 Verzeichnis(se), 142.326.349.824 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 148.648.710.144 Bytes frei . - - End Of File - - 37F4D5674ED29A40B5988C69074E981F CDB4DE4BBD714F152979DA2DCBEF57EB |
22.08.2013, 21:35 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be enabled Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to.
__________________ Please always post log files in CODE tags |
22.08.2013, 22:13 | #9 |
| Windows Firewall cannot be enabled Log file from MBAR: Code:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
Database version: v2013.08.22.08
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Boris Kannowski :: BK-PC [administrator]
22.08.2013 22:51:44
mbar-log-2013-08-22 (22-51-44).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 274019
Time elapsed: 15 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end) |
22.08.2013, 22:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be enabled TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
22.08.2013, 22:35 | #11 |
| Windows Firewall cannot be enabled TDSSKiller log file: Code:
23:31:12.0301 3136 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:31:12.0516 3136 ============================================================
23:31:12.0517 3136 Current date / time: 2013/08/22 23:31:12.0516
23:31:12.0517 3136 SystemInfo:
23:31:12.0517 3136
23:31:12.0517 3136 OS Version: 6.0.6002 ServicePack: 2.0
23:31:12.0517 3136 Product type: Workstation
23:31:12.0517 3136 ComputerName: BK-PC
23:31:12.0517 3136 UserName: BK
23:31:12.0517 3136 Windows directory: C:\Windows
23:31:12.0517 3136 System windows directory: C:\Windows
23:31:12.0517 3136 Running under WOW64
23:31:12.0517 3136 Processor architecture: Intel x64
23:31:12.0517 3136 Number of processors: 2
23:31:12.0517 3136 Page size: 0x1000
23:31:12.0517 3136 Boot type: Normal boot
23:31:12.0517 3136 ============================================================
23:31:13.0721 3136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:13.0729 3136 ============================================================
23:31:13.0729 3136 \Device\Harddisk0\DR0:
23:31:13.0730 3136 MBR partitions:
23:31:13.0730 3136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
23:31:13.0730 3136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
23:31:13.0730 3136 ============================================================
23:31:13.0774 3136 C: <-> \Device\Harddisk0\DR0\Partition2
23:31:13.0806 3136 D: <-> \Device\Harddisk0\DR0\Partition1
23:31:13.0806 3136 ============================================================
23:31:13.0806 3136 Initialize success
23:31:13.0806 3136 ============================================================
23:32:24.0275 3220 ============================================================
23:32:24.0275 3220 Scan started
23:32:24.0275 3220 Mode: Manual; SigCheck; TDLFS;
23:32:24.0275 3220
============================================================ 23:32:24.0729 3220 ================ Scan system memory ======================== 23:32:24.0729 3220 System memory - ok 23:32:24.0730 3220 ================ Scan services ============================= 23:32:24.0830 3220 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys 23:32:24.0990 3220 a2acc - ok 23:32:25.0126 3220 [ 4B9C5EEBEE862574CF794582104F0C91 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 23:32:25.0312 3220 a2AntiMalware - ok 23:32:25.0349 3220 [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys 23:32:25.0365 3220 A2DDA - ok 23:32:25.0502 3220 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 23:32:25.0531 3220 ACPI - ok 23:32:25.0636 3220 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:32:25.0664 3220 AdobeFlashPlayerUpdateSvc - ok 23:32:25.0725 3220 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 23:32:25.0768 3220 adp94xx - ok 23:32:25.0821 3220 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 23:32:25.0857 3220 adpahci - ok 23:32:25.0874 3220 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 23:32:25.0899 3220 adpu160m - ok 23:32:25.0924 3220 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 23:32:25.0950 3220 adpu320 - ok 23:32:25.0995 3220 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:32:26.0182 3220 AeLookupSvc - ok 23:32:26.0324 3220 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe 23:32:26.0387 3220 AESTFilters - ok 23:32:26.0465 3220 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD 
C:\Windows\system32\drivers\afd.sys 23:32:26.0563 3220 AFD - ok 23:32:26.0602 3220 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:32:26.0626 3220 agp440 - ok 23:32:26.0671 3220 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 23:32:26.0696 3220 aic78xx - ok 23:32:26.0726 3220 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 23:32:26.0925 3220 ALG - ok 23:32:26.0963 3220 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys 23:32:26.0986 3220 aliide - ok 23:32:27.0011 3220 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 23:32:27.0033 3220 amdide - ok 23:32:27.0052 3220 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 23:32:27.0111 3220 AmdK8 - ok 23:32:27.0176 3220 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:32:27.0193 3220 AntiVirSchedulerService - ok 23:32:27.0209 3220 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:32:27.0231 3220 AntiVirService - ok 23:32:27.0267 3220 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 23:32:27.0314 3220 AntiVirWebService - ok 23:32:27.0393 3220 [ AD12F5C7251BB8D575D560894E73CBBA ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys 23:32:27.0414 3220 Apowersoft_AudioDevice - ok 23:32:27.0471 3220 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 23:32:27.0534 3220 Appinfo - ok 23:32:27.0612 3220 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:32:27.0636 3220 Apple Mobile Device - ok 23:32:27.0704 3220 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 23:32:27.0728 
3220 arc - ok 23:32:27.0778 3220 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 23:32:27.0804 3220 arcsas - ok 23:32:27.0844 3220 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:32:27.0929 3220 AsyncMac - ok 23:32:27.0978 3220 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 23:32:28.0002 3220 atapi - ok 23:32:28.0063 3220 [ 00DACE1D9A0DA60215022C6B1FAC1673 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 23:32:28.0227 3220 Ati External Event Utility - ok 23:32:28.0400 3220 [ CEF278088637401F07A0064B0B900A32 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:32:29.0048 3220 atikmdag - ok 23:32:29.0148 3220 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:32:29.0229 3220 AudioEndpointBuilder - ok 23:32:29.0270 3220 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:32:29.0361 3220 AudioSrv - ok 23:32:29.0408 3220 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:32:29.0433 3220 avgntflt - ok 23:32:29.0455 3220 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:32:29.0478 3220 avipbb - ok 23:32:29.0494 3220 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:32:29.0514 3220 avkmgr - ok 23:32:29.0557 3220 [ A7C9995BA861FCE78B2CEAAE61D39FD7 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 23:32:29.0576 3220 BCM42RLY - ok 23:32:29.0657 3220 [ 912012B708A7D8E8CE2EE55AFB663DFF ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 23:32:29.0776 3220 BCM43XX - ok 23:32:29.0823 3220 Beep - ok 23:32:29.0872 3220 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 23:32:29.0971 3220 BFE - ok 23:32:30.0078 3220 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll 23:32:30.0209 3220 BITS - ok 23:32:30.0249 3220 [ 
79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 23:32:30.0326 3220 blbdrive - ok 23:32:30.0400 3220 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:32:30.0432 3220 Bonjour Service - ok 23:32:30.0461 3220 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:32:30.0511 3220 bowser - ok 23:32:30.0537 3220 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 23:32:30.0582 3220 BrFiltLo - ok 23:32:30.0601 3220 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 23:32:30.0659 3220 BrFiltUp - ok 23:32:30.0700 3220 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 23:32:30.0780 3220 Browser - ok 23:32:30.0816 3220 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 23:32:31.0057 3220 Brserid - ok 23:32:31.0089 3220 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 23:32:31.0195 3220 BrSerWdm - ok 23:32:31.0209 3220 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 23:32:31.0289 3220 BrUsbMdm - ok 23:32:31.0311 3220 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 23:32:31.0379 3220 BrUsbSer - ok 23:32:31.0413 3220 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 23:32:31.0481 3220 BTHMODEM - ok 23:32:31.0514 3220 catchme - ok 23:32:31.0527 3220 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:32:31.0585 3220 cdfs - ok 23:32:31.0647 3220 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:32:31.0691 3220 cdrom - ok 23:32:31.0734 3220 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 23:32:31.0787 3220 CertPropSvc - ok 23:32:31.0807 3220 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass 
C:\Windows\system32\drivers\circlass.sys 23:32:31.0853 3220 circlass - ok 23:32:31.0910 3220 [ 3C6A8D415FF38AFEB03A6206213D9D96 ] cleanhlp C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys 23:32:31.0927 3220 cleanhlp - ok 23:32:31.0980 3220 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 23:32:32.0019 3220 CLFS - ok 23:32:32.0104 3220 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:32:32.0127 3220 clr_optimization_v2.0.50727_32 - ok 23:32:32.0182 3220 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:32:32.0204 3220 clr_optimization_v2.0.50727_64 - ok 23:32:32.0276 3220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:32:32.0301 3220 clr_optimization_v4.0.30319_32 - ok 23:32:32.0342 3220 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:32:32.0363 3220 clr_optimization_v4.0.30319_64 - ok 23:32:32.0392 3220 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:32:32.0492 3220 CmBatt - ok 23:32:32.0516 3220 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:32:32.0537 3220 cmdide - ok 23:32:32.0581 3220 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:32:32.0605 3220 Compbatt - ok 23:32:32.0613 3220 COMSysApp - ok 23:32:32.0624 3220 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 23:32:32.0647 3220 crcdisk - ok 23:32:32.0698 3220 [ 5AAC48EAF8EACF247DB44FB61B900D89 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:32:32.0747 3220 CryptSvc - ok 23:32:32.0777 3220 [ 0D260D60FC1302E482850BB8F432D8D5 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 23:32:32.0820 3220 CtClsFlt 
- ok 23:32:32.0884 3220 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 23:32:32.0992 3220 DcomLaunch - ok 23:32:33.0023 3220 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:32:33.0062 3220 DfsC - ok 23:32:33.0186 3220 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 23:32:33.0406 3220 DFSR - ok 23:32:33.0467 3220 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 23:32:33.0533 3220 Dhcp - ok 23:32:33.0563 3220 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 23:32:33.0591 3220 disk - ok 23:32:33.0651 3220 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:32:33.0705 3220 Dnscache - ok 23:32:33.0770 3220 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 23:32:33.0790 3220 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 23:32:33.0790 3220 DockLoginService - detected UnsignedFile.Multi.Generic (1) 23:32:33.0837 3220 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 23:32:33.0898 3220 dot3svc - ok 23:32:33.0945 3220 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 23:32:34.0007 3220 DPS - ok 23:32:34.0069 3220 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:32:34.0128 3220 drmkaud - ok 23:32:34.0179 3220 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:32:34.0251 3220 DXGKrnl - ok 23:32:34.0292 3220 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys 23:32:34.0377 3220 e1express - ok 23:32:34.0410 3220 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 23:32:34.0483 3220 E1G60 - ok 23:32:34.0522 3220 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 23:32:34.0587 3220 EapHost - ok 23:32:34.0653 3220 [ 
5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 23:32:34.0684 3220 Ecache - ok 23:32:34.0749 3220 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:32:34.0814 3220 ehRecvr - ok 23:32:34.0851 3220 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 23:32:34.0886 3220 ehSched - ok 23:32:34.0900 3220 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 23:32:34.0961 3220 ehstart - ok 23:32:35.0005 3220 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 23:32:35.0041 3220 elxstor - ok 23:32:35.0097 3220 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 23:32:35.0209 3220 EMDMgmt - ok 23:32:35.0235 3220 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:32:35.0282 3220 ErrDev - ok 23:32:35.0344 3220 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 23:32:35.0439 3220 EventSystem - ok 23:32:35.0478 3220 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 23:32:35.0548 3220 exfat - ok 23:32:35.0595 3220 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:32:35.0660 3220 fastfat - ok 23:32:35.0679 3220 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:32:35.0737 3220 fdc - ok 23:32:35.0767 3220 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 23:32:35.0836 3220 fdPHost - ok 23:32:35.0854 3220 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 23:32:35.0961 3220 FDResPub - ok 23:32:35.0978 3220 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:32:36.0004 3220 FileInfo - ok 23:32:36.0019 3220 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:32:36.0082 3220 Filetrace - ok 23:32:36.0106 3220 [ 230923EA2B80F79B0F88D90F87B87EBD 
] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:32:36.0163 3220 flpydisk - ok 23:32:36.0214 3220 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:32:36.0250 3220 FltMgr - ok 23:32:36.0327 3220 [ F20A97F51C104DD0A163251325460747 ] FontCache C:\Windows\system32\FntCache.dll 23:32:36.0453 3220 FontCache - ok 23:32:36.0532 3220 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:32:36.0552 3220 FontCache3.0.0.0 - ok 23:32:36.0577 3220 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:32:36.0629 3220 Fs_Rec - ok 23:32:36.0659 3220 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 23:32:36.0683 3220 gagp30kx - ok 23:32:36.0734 3220 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:32:36.0753 3220 GEARAspiWDM - ok 23:32:36.0820 3220 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 23:32:36.0893 3220 gpsvc - ok 23:32:36.0946 3220 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:32:36.0968 3220 gupdate - ok 23:32:36.0980 3220 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:32:37.0000 3220 gupdatem - ok 23:32:37.0052 3220 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:32:37.0107 3220 HdAudAddService - ok 23:32:37.0167 3220 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:32:37.0294 3220 HDAudBus - ok 23:32:37.0334 3220 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 23:32:37.0438 3220 HidBth - ok 23:32:37.0461 3220 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 23:32:37.0566 3220 HidIr - ok 23:32:37.0617 3220 [ 59361D38A297755D46A540E450202B2A ] hidserv 
C:\Windows\System32\hidserv.dll 23:32:37.0695 3220 hidserv - ok 23:32:37.0736 3220 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:32:37.0792 3220 HidUsb - ok 23:32:37.0816 3220 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 23:32:37.0878 3220 hkmsvc - ok 23:32:37.0918 3220 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 23:32:37.0942 3220 HpCISSs - ok 23:32:37.0996 3220 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:32:38.0093 3220 HTTP - ok 23:32:38.0112 3220 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 23:32:38.0126 3220 i2omp - ok 23:32:38.0159 3220 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:32:38.0213 3220 i8042prt - ok 23:32:38.0240 3220 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 23:32:38.0259 3220 iaStorV - ok 23:32:38.0345 3220 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:32:38.0394 3220 idsvc - ok 23:32:38.0433 3220 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 23:32:38.0449 3220 iirsp - ok 23:32:38.0521 3220 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 23:32:38.0603 3220 IKEEXT - ok 23:32:38.0646 3220 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 23:32:38.0669 3220 intelide - ok 23:32:38.0685 3220 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:32:38.0760 3220 intelppm - ok 23:32:38.0780 3220 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:32:38.0851 3220 IPBusEnum - ok 23:32:38.0912 3220 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:32:38.0974 3220 IpFilterDriver - ok 
23:32:39.0024 3220 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:32:39.0087 3220 iphlpsvc - ok 23:32:39.0094 3220 IpInIp - ok 23:32:39.0120 3220 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 23:32:39.0188 3220 IPMIDRV - ok 23:32:39.0212 3220 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 23:32:39.0298 3220 IPNAT - ok 23:32:39.0355 3220 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:32:39.0408 3220 iPod Service - ok 23:32:39.0447 3220 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:32:39.0523 3220 IRENUM - ok 23:32:39.0563 3220 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:32:39.0587 3220 isapnp - ok 23:32:39.0644 3220 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:32:39.0673 3220 iScsiPrt - ok 23:32:39.0705 3220 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 23:32:39.0726 3220 iteatapi - ok 23:32:39.0766 3220 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 23:32:39.0788 3220 iteraid - ok 23:32:39.0826 3220 [ EB5C7891B9E6E4A1A4428F2160B12B53 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 23:32:39.0871 3220 k57nd60a - ok 23:32:39.0887 3220 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:32:39.0913 3220 kbdclass - ok 23:32:39.0943 3220 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:32:40.0014 3220 kbdhid - ok 23:32:40.0058 3220 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 23:32:40.0124 3220 KeyIso - ok 23:32:40.0152 3220 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:32:40.0207 3220 KSecDD - ok 23:32:40.0229 3220 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk 
C:\Windows\system32\drivers\ksthunk.sys 23:32:40.0306 3220 ksthunk - ok 23:32:40.0345 3220 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 23:32:40.0485 3220 KtmRm - ok 23:32:40.0546 3220 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 23:32:40.0602 3220 LanmanServer - ok 23:32:40.0650 3220 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:32:40.0707 3220 LanmanWorkstation - ok 23:32:40.0730 3220 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:32:40.0808 3220 lltdio - ok 23:32:40.0855 3220 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:32:40.0937 3220 lltdsvc - ok 23:32:40.0964 3220 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:32:41.0036 3220 lmhosts - ok 23:32:41.0086 3220 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 23:32:41.0116 3220 LSI_FC - ok 23:32:41.0138 3220 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 23:32:41.0163 3220 LSI_SAS - ok 23:32:41.0201 3220 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 23:32:41.0227 3220 LSI_SCSI - ok 23:32:41.0259 3220 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 23:32:41.0338 3220 luafv - ok 23:32:41.0364 3220 mbamswissarmy - ok 23:32:41.0430 3220 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 23:32:41.0456 3220 McComponentHostService - ok 23:32:41.0506 3220 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:32:41.0531 3220 Mcx2Svc - ok 23:32:41.0568 3220 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 23:32:41.0591 3220 megasas - ok 23:32:41.0642 3220 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR 
C:\Windows\system32\drivers\megasr.sys 23:32:41.0680 3220 MegaSR - ok 23:32:41.0699 3220 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 23:32:41.0778 3220 MMCSS - ok 23:32:41.0799 3220 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 23:32:41.0859 3220 Modem - ok 23:32:41.0883 3220 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:32:41.0920 3220 monitor - ok 23:32:41.0928 3220 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:32:41.0944 3220 mouclass - ok 23:32:41.0975 3220 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:32:42.0022 3220 mouhid - ok 23:32:42.0044 3220 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 23:32:42.0061 3220 MountMgr - ok 23:32:42.0101 3220 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:32:42.0117 3220 MozillaMaintenance - ok 23:32:42.0140 3220 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 23:32:42.0156 3220 mpio - ok 23:32:42.0188 3220 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:32:42.0247 3220 mpsdrv - ok 23:32:42.0329 3220 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 23:32:42.0391 3220 MpsSvc - ok 23:32:42.0406 3220 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 23:32:42.0423 3220 Mraid35x - ok 23:32:42.0458 3220 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:32:42.0495 3220 MRxDAV - ok 23:32:42.0525 3220 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:32:42.0612 3220 mrxsmb - ok 23:32:42.0623 3220 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:32:42.0671 3220 mrxsmb10 - ok 
23:32:42.0693 3220 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:32:42.0736 3220 mrxsmb20 - ok 23:32:42.0787 3220 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 23:32:42.0813 3220 msahci - ok 23:32:42.0849 3220 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:32:42.0877 3220 msdsm - ok 23:32:42.0913 3220 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 23:32:43.0015 3220 MSDTC - ok 23:32:43.0049 3220 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:32:43.0125 3220 Msfs - ok 23:32:43.0151 3220 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:32:43.0175 3220 msisadrv - ok 23:32:43.0207 3220 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:32:43.0289 3220 MSiSCSI - ok 23:32:43.0296 3220 msiserver - ok 23:32:43.0319 3220 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:32:43.0398 3220 MSKSSRV - ok 23:32:43.0422 3220 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:32:43.0499 3220 MSPCLOCK - ok 23:32:43.0531 3220 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:32:43.0601 3220 MSPQM - ok 23:32:43.0654 3220 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:32:43.0689 3220 MsRPC - ok 23:32:43.0711 3220 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:32:43.0734 3220 mssmbios - ok 23:32:43.0756 3220 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:32:43.0834 3220 MSTEE - ok 23:32:43.0862 3220 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 23:32:43.0891 3220 Mup - ok 23:32:43.0947 3220 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 23:32:44.0038 3220 
napagent - ok
23:33:04.0062 3220 ============================================================
23:33:04.0062 3220 Scan finished
23:33:04.0062 3220 ============================================================
23:33:04.0081 3460 Detected object count: 1
23:33:04.0081 3460 Actual detected object count: 1
23:33:37.0602 3460 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:37.0602 3460 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.08.2013, 22:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be activated Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
23.08.2013, 18:19 | #13 |
| Windows Firewall cannot be activated Hi, here is the AdwCleaner log file for a start: Code:
# AdwCleaner v3.000 - Report created 23/08/2013 at 18:50:24
# Updated 20/08/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : BK - BK-PC
# Running from : C:\Users\BK\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Users\BK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn
File Deleted : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\searchplugins\mixidj.xml
File Deleted : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Mozilla Firefox v22.0 (de)

[ File : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\prefs.js ]

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\BK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [5898 octets] - [23/08/2013 18:49:22]
AdwCleaner[S0].txt - [5833 octets] - [23/08/2013 18:50:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5893 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by BK on 23.08.2013 at 19:01:42,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsget

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Successfully deleted the following from C:\Users\BK\AppData\Roaming\mozilla\firefox\profiles\q8fa2qmt.default\prefs.js

user_pref("iminent.displayFavLinks", "1");
user_pref("iminent.registerToolbarEvent102", "1377035335758");
user_pref("iminent.version", "7.33.3.1");

Emptied folder: C:\Users\BK\AppData\Roaming\mozilla\firefox\profiles\q8fa2qmt.default\minidumps [338 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 19:12:23,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by BK (administrator) on 23-08-2013 19:16:11
Running from C:\Users\BK\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dropbox, Inc.) C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [2928040 2013-08-18] (Emsisoft GmbH)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-19] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype 
Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default FF NewTab: hxxp://www.google.com/firefox FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com/firefox FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: LyricsGet - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\128 FF Extension: Bitdefender QuickScan - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-08-18] (Emsisoft GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-19] (Avira Operations GmbH & Co. KG) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) 
R2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE [32768 2008-12-21] () ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-19] (Avira Operations GmbH & Co. KG) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH) R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.) R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.) 
S1 Beep; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-23 19:12 - 2013-08-23 19:12 - 00001304 _____ C:\Users\BK\Desktop\JRT.txt 2013-08-23 19:01 - 2013-08-23 19:01 - 00000000 ____D C:\Windows\ERUNT 2013-08-23 18:59 - 2013-08-23 18:59 - 01021434 _____ (Thisisu) C:\Users\BK\Desktop\JRT.exe 2013-08-23 18:59 - 2013-08-23 18:59 - 00005872 _____ C:\Users\BK\Desktop\AdwCleaner[S0].txt 2013-08-23 18:49 - 2013-08-23 18:50 - 00000000 ____D C:\AdwCleaner 2013-08-23 18:48 - 2013-08-23 18:48 - 00975858 _____ C:\Users\BK\Desktop\adwcleaner.exe 2013-08-22 23:30 - 2013-08-22 23:30 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\BK\Desktop\tdsskiller.exe 2013-08-22 22:51 - 2013-08-22 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-22 22:50 - 2013-08-22 23:12 - 00000000 ____D C:\Users\BK\Desktop\mbar 2013-08-22 22:49 - 2013-08-22 22:49 - 12081912 _____ (Malwarebytes Corp.) 
C:\Users\BK\Desktop\mbar-1.06.1.1005.exe 2013-08-22 22:10 - 2013-08-22 22:10 - 00020509 _____ C:\ComboFix.txt 2013-08-22 21:49 - 2013-08-22 22:10 - 00000000 ____D C:\ComboFix 2013-08-22 21:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-22 21:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-22 21:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-22 21:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-22 21:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-22 21:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-22 21:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-22 21:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-22 21:46 - 2013-08-22 22:10 - 00000000 ____D C:\Qoobox 2013-08-22 21:45 - 2013-08-22 22:08 - 00000000 ____D C:\Windows\erdnt 2013-08-22 21:44 - 2013-08-22 21:44 - 05111180 ____R (Swearware) C:\Users\BK\Downloads\ComboFix.exe 2013-08-22 20:27 - 2013-08-22 21:08 - 00021298 _____ C:\Users\BK\Desktop\Addition.txt 2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST 2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG 2013-08-22 19:12 - 2013-08-22 19:25 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg 2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe 2013-08-20 23:47 - 2013-08-20 23:55 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome 2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk 2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira 2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-19 
20:17 - 2013-08-19 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-19 20:17 - 2013-08-19 20:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-19 20:17 - 2013-08-19 20:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-19 20:16 - 2013-08-19 20:17 - 00000000 ____D C:\ProgramData\Avira 2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-18 12:08 - 2013-08-18 12:11 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe 2013-08-18 12:03 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-18 12:03 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-18 12:03 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-18 12:03 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-18 12:03 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-18 12:03 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-18 12:03 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-18 12:03 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2013-08-18 12:03 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-18 12:03 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-18 12:03 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-18 12:03 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-18 12:03 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-18 12:03 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-18 12:03 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-18 12:03 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-18 12:03 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-18 12:03 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-18 12:03 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-18 12:03 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-18 12:03 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-18 12:03 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-18 
12:03 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-18 12:03 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 ____D C:\found.000 2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg 2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat 2013-08-18 00:32 - 2013-07-17 22:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-18 00:32 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-18 00:32 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-18 00:32 - 2013-07-10 11:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-18 00:32 - 2013-07-09 14:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-18 00:32 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-18 00:32 - 2013-07-08 06:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-18 00:32 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-18 00:32 - 2013-07-08 06:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-18 00:32 - 2013-07-08 06:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-18 00:32 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-18 00:32 - 2013-07-08 06:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-18 00:32 - 
2013-07-08 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-18 00:32 - 2013-07-08 06:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-18 00:32 - 2013-07-08 06:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-18 00:32 - 2013-07-08 06:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-18 00:32 - 2013-07-08 06:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-18 00:32 - 2013-07-08 03:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-18 00:32 - 2013-07-08 03:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-18 00:32 - 2013-07-08 03:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-18 00:32 - 2013-07-05 06:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-18 00:32 - 2013-06-15 15:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-08-18 00:32 - 2013-06-15 13:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== One Month Modified Files and Folders ======= 2013-08-23 19:15 - 2013-08-23 19:15 - 01576474 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe 2013-08-23 19:12 - 2013-08-23 19:12 - 00001304 _____ C:\Users\BK\Desktop\JRT.txt 2013-08-23 19:01 - 2013-08-23 19:01 - 00000000 ____D C:\Windows\ERUNT 2013-08-23 18:59 - 2013-08-23 18:59 - 01021434 _____ (Thisisu) C:\Users\BK\Desktop\JRT.exe 2013-08-23 18:59 - 2013-08-23 18:59 - 00005872 _____ C:\Users\BK\Desktop\AdwCleaner[S0].txt 2013-08-23 18:59 - 2009-08-05 13:00 - 01772866 _____ C:\Windows\WindowsUpdate.log 2013-08-23 18:58 - 2012-09-02 13:13 - 00001128 
_____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-23 18:56 - 2012-04-01 22:12 - 00000000 ___RD C:\Users\BK\Dropbox 2013-08-23 18:56 - 2012-04-01 22:08 - 00000000 ____D C:\Users\BK\AppData\Roaming\Dropbox 2013-08-23 18:53 - 2012-09-02 13:13 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-23 18:53 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-23 18:53 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-23 18:53 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-23 18:52 - 2012-10-10 22:56 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-08-23 18:52 - 2006-11-02 17:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-23 18:51 - 2012-08-09 22:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-23 18:50 - 2013-08-23 18:49 - 00000000 ____D C:\AdwCleaner 2013-08-23 18:48 - 2013-08-23 18:48 - 00975858 _____ C:\Users\BK\Desktop\adwcleaner.exe 2013-08-23 18:48 - 2012-04-22 03:02 - 00003758 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C} 2013-08-22 23:30 - 2013-08-22 23:30 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\BK\Desktop\tdsskiller.exe 2013-08-22 23:12 - 2013-08-22 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-22 23:12 - 2013-08-22 22:50 - 00000000 ____D C:\Users\BK\Desktop\mbar 2013-08-22 22:49 - 2013-08-22 22:49 - 12081912 _____ (Malwarebytes Corp.) 
C:\Users\BK\Desktop\mbar-1.06.1.1005.exe 2013-08-22 22:10 - 2013-08-22 22:10 - 00020509 _____ C:\ComboFix.txt 2013-08-22 22:10 - 2013-08-22 21:49 - 00000000 ____D C:\ComboFix 2013-08-22 22:10 - 2013-08-22 21:46 - 00000000 ____D C:\Qoobox 2013-08-22 22:10 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default 2013-08-22 22:08 - 2013-08-22 21:45 - 00000000 ____D C:\Windows\erdnt 2013-08-22 22:08 - 2012-04-01 10:35 - 00000000 ___RD C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-22 22:03 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini 2013-08-22 22:02 - 2012-08-25 02:15 - 00035012 _____ C:\Windows\PFRO.log 2013-08-22 21:44 - 2013-08-22 21:44 - 05111180 ____R (Swearware) C:\Users\BK\Downloads\ComboFix.exe 2013-08-22 21:08 - 2013-08-22 20:27 - 00021298 _____ C:\Users\BK\Desktop\Addition.txt 2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST 2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG 2013-08-22 19:25 - 2013-08-22 19:12 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg 2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe 2013-08-21 00:26 - 2012-10-10 22:42 - 00000000 ____D C:\Users\BK\AppData\Roaming\QuickScan 2013-08-20 23:55 - 2013-08-20 23:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-20 23:54 - 2012-08-09 22:39 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 23:53 - 2012-04-01 17:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 23:53 - 2012-04-01 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome 2013-08-20 23:45 - 2012-04-01 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-20 23:43 - 2013-08-20 23:43 - 
00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk 2013-08-19 22:40 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-19 22:40 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat 2013-08-19 22:40 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat 2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira 2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-19 20:17 - 2013-08-19 20:16 - 00000000 ____D C:\ProgramData\Avira 2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-19 20:06 - 2013-08-19 20:17 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-19 20:06 - 2013-08-19 20:17 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-19 20:06 - 2013-08-19 20:17 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-18 17:01 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache 2013-08-18 12:11 - 2013-08-18 12:08 - 00000000 ____D C:\Windows\system32\MRT 2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe 2013-08-18 12:07 - 2006-11-02 14:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 ____D C:\found.000 2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg 2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat 2013-08-18 00:50 - 2012-04-19 22:59 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-08-18 00:48 - 2012-04-19 22:59 - 00000000 ____D C:\ProgramData\Comodo 2013-08-06 23:50 - 2012-09-16 15:21 - 00006656 _____ C:\Users\BORISK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-03 12:48 - 2012-04-03 00:08 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\Adobe 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-03 05:05 - 2012-09-02 13:14 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-25 05:54 - 2013-08-18 12:03 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-25 05:37 - 2013-08-18 12:03 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-25 05:35 - 2013-08-18 12:03 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-25 05:31 - 2013-08-18 12:03 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-25 05:30 - 2013-08-18 12:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-25 05:29 - 2013-08-18 12:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-25 05:29 - 2013-08-18 12:03 - 
00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-25 05:29 - 2013-08-18 12:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-25 05:28 - 2013-08-18 12:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-25 05:27 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-25 05:27 - 2013-08-18 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-25 05:26 - 2013-08-18 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-25 04:40 - 2013-08-18 12:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 04:32 - 2013-08-18 12:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 04:30 - 2013-08-18 12:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 04:26 - 2013-08-18 12:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 04:26 - 2013-08-18 12:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 04:25 - 2013-08-18 12:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-25 04:24 - 2013-08-18 12:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-25 04:24 - 2013-08-18 12:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 01796096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-25 04:23 - 2013-08-18 12:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-25 04:22 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-25 04:22 - 2013-08-18 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-25 04:22 - 2013-08-18 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll Files to move or delete: ==================== C:\ProgramData\dfitrbruvdigcsdwlpv.bat C:\ProgramData\dfitrbruvdigcsdwlpv.reg C:\ProgramData\H6Sq7Tt.reg ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-23 19:00 ==================== End Of Log ============================ --- --- --- |
23.08.2013, 18:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall cannot be enabled Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.reg
C:\found.000

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
23.08.2013, 18:27 | #15 |
| Windows Firewall cannot be enabled Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013
Ran by BK at 2013-08-23 19:25:10 Run:1
Running from C:\Users\BK\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.reg
C:\found.000
*****************

C:\ProgramData\dfitrbruvdigcsdwlpv.bat => Moved successfully.
C:\ProgramData\dfitrbruvdigcsdwlpv.reg => Moved successfully.
C:\ProgramData\H6Sq7Tt.reg => Moved successfully.
C:\found.000 => Moved successfully.

==== End of Fixlog ==== |