Log analysis and evaluation: Avira detection BOO/Whistler.DB in master boot sector HD0 and boot sector 'C:\' (Windows 7)
20.09.2013, 15:29 | #1
Avira detection BOO/Whistler.DB in master boot sector HD0 and boot sector 'C:\'

Good day! For some time now my Avira program has been reporting the following detections: BOO/Whistler.DB in master boot sector HD0 and boot sector 'C:\'. Many heartfelt thanks to all of you!! Here are the log files from: Avscan/FRST, Addition/GMER. OTL/Extra can be found in the attachment.

AVIRA:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 20. September 2013 12:37

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : marc19
Computername   : SAMY

Versionsinformationen:
BUILD.DAT    : 13.0.0.4052      55009 Bytes  29.08.2013 17:56:00
AVSCAN.EXE   : 13.6.20.2100    639032 Bytes  17.09.2013 20:32:33
AVSCANRC.DLL : 13.6.20.2174     63032 Bytes  17.09.2013 20:32:33
LUKE.DLL     : 13.6.20.2174     65080 Bytes  17.09.2013 20:32:50
AVSCPLR.DLL  : 13.6.20.2174     92216 Bytes  17.09.2013 20:32:33
AVREG.DLL    : 13.6.20.2174    250424 Bytes  17.09.2013 20:32:32
avlode.dll   : 13.6.20.2174    497720 Bytes  17.09.2013 20:32:31
avlode.rdf   : 13.0.1.42        26846 Bytes  28.08.2013 14:45:07
VBASE000.VDF : 7.11.70.0     66736640 Bytes  04.04.2013 09:00:13
VBASE001.VDF : 7.11.74.226    2201600 Bytes  30.04.2013 18:47:18
VBASE002.VDF : 7.11.80.60     2751488 Bytes  28.05.2013 18:47:19
VBASE003.VDF : 7.11.85.214    2162688 Bytes  21.06.2013 18:47:21
VBASE004.VDF : 7.11.91.176    3903488 Bytes  23.07.2013 15:50:23
VBASE005.VDF : 7.11.98.186    6822912 Bytes  29.08.2013 09:58:52
VBASE006.VDF : 7.11.98.187       2048 Bytes  29.08.2013 09:58:52
VBASE007.VDF : 7.11.98.188       2048 Bytes  29.08.2013 09:58:52
VBASE008.VDF : 7.11.98.189       2048 Bytes  29.08.2013 09:58:52
VBASE009.VDF : 7.11.98.190       2048 Bytes  29.08.2013 09:58:52
VBASE010.VDF : 7.11.98.191       2048 Bytes  29.08.2013 09:58:52
VBASE011.VDF : 7.11.98.192       2048 Bytes  29.08.2013 09:58:52
VBASE012.VDF : 7.11.98.193       2048 Bytes  29.08.2013 09:58:53
VBASE013.VDF : 7.11.99.52      270848 Bytes  30.08.2013 16:39:24
VBASE014.VDF : 7.11.99.167     210944 Bytes  02.09.2013 16:13:47
VBASE015.VDF : 7.11.100.3      265216 Bytes  03.09.2013 17:16:36
VBASE016.VDF : 7.11.100.95     220160 Bytes  04.09.2013 20:32:19
VBASE017.VDF : 7.11.100.197    143872 Bytes  05.09.2013 20:32:19
VBASE018.VDF : 7.11.101.11     227840 Bytes  06.09.2013 20:32:20
VBASE019.VDF : 7.11.101.79     148480 Bytes  07.09.2013 20:32:20
VBASE020.VDF : 7.11.101.169    305664 Bytes  10.09.2013 20:32:20
VBASE021.VDF : 7.11.102.9      253440 Bytes  12.09.2013 20:32:21
VBASE022.VDF : 7.11.102.151    282624 Bytes  15.09.2013 20:32:21
VBASE023.VDF : 7.11.102.253    316416 Bytes  18.09.2013 08:32:03
VBASE024.VDF : 7.11.102.254      2048 Bytes  18.09.2013 08:32:03
VBASE025.VDF : 7.11.102.255      2048 Bytes  18.09.2013 08:32:03
VBASE026.VDF : 7.11.103.0        2048 Bytes  18.09.2013 08:32:03
VBASE027.VDF : 7.11.103.1        2048 Bytes  18.09.2013 08:32:03
VBASE028.VDF : 7.11.103.2        2048 Bytes  18.09.2013 08:32:03
VBASE029.VDF : 7.11.103.3        2048 Bytes  18.09.2013 08:32:03
VBASE030.VDF : 7.11.103.4        2048 Bytes  18.09.2013 08:32:03
VBASE031.VDF : 7.11.103.46     183296 Bytes  19.09.2013 08:32:03
Engineversion : 8.2.12.120
AEVDF.DLL    : 8.1.3.4         102774 Bytes  30.06.2013 18:47:26
AESCRIPT.DLL : 8.1.4.148       516478 Bytes  17.09.2013 20:32:25
AESCN.DLL    : 8.1.10.4        131446 Bytes  26.03.2013 14:54:32
AESBX.DLL    : 8.2.16.26      1245560 Bytes  25.08.2013 15:39:09
AERDL.DLL    : 8.2.0.128       688504 Bytes  30.06.2013 18:47:26
AEPACK.DLL   : 8.3.2.28        749945 Bytes  17.09.2013 20:32:25
AEOFFICE.DLL : 8.1.2.76        205181 Bytes  11.08.2013 16:46:31
AEHEUR.DLL   : 8.1.4.630      6164858 Bytes  17.09.2013 20:32:25
AEHELP.DLL   : 8.1.27.6        266617 Bytes  27.08.2013 16:42:00
AEGEN.DLL    : 8.1.7.14        446839 Bytes  17.09.2013 20:32:22
AEEXP.DLL    : 8.4.1.62        328055 Bytes  17.09.2013 20:32:26
AEEMU.DLL    : 8.1.3.2         393587 Bytes  29.11.2012 10:25:29
AECORE.DLL   : 8.1.32.0        201081 Bytes  25.08.2013 15:39:07
AEBB.DLL     : 8.1.1.4          53619 Bytes  29.11.2012 10:25:29
AVWINLL.DLL  : 13.6.20.2174     23608 Bytes  17.09.2013 20:32:17
AVPREF.DLL   : 13.6.20.2174     48184 Bytes  17.09.2013 20:32:32
AVREP.DLL    : 13.6.20.2174    175672 Bytes  17.09.2013 20:32:32
AVARKT.DLL   : 13.6.20.2174    258104 Bytes  17.09.2013 20:32:27
AVEVTLOG.DLL : 13.6.20.2174    165432 Bytes  17.09.2013 20:32:29
SQLITE3.DLL  : 3.7.0.1         397704 Bytes  25.01.2013 08:25:19
AVSMTP.DLL   : 13.6.20.2174     60472 Bytes  17.09.2013 20:32:33
NETNT.DLL    : 13.6.20.2174     13368 Bytes  17.09.2013 20:32:50
RCIMAGE.DLL  : 13.6.20.2174   4786744 Bytes  17.09.2013 20:32:17
RCTEXT.DLL   : 13.6.20.2174     68152 Bytes  17.09.2013 20:32:17

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Z:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 20. September 2013 12:37

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'Z:\'
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD0
[FUND] Enthält Code des Bootsektorvirus BOO/Whistler.DB
[HINWEIS] Der Bootsektor wurde nicht repariert
Bootsektor 'C:\'
[FUND] Enthält Code des Bootsektorvirus BOO/Whistler.DB
[HINWEIS] Der Bootsektor wurde nicht repariert

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf wurde abgebrochen!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_8_800_168.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_8_800_168.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'NisSrv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'YontooDesktop.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgui.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'cledx.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'msseces.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'devolonetsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgwdsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsMpEng.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '0' Modul(e) wurden durchsucht

Ende des Suchlaufs: Freitag, 20. September 2013 12:39
Benötigte Zeit: 01:59 Minute(n)

Der Suchlauf wurde abgebrochen!

    0 Verzeichnisse wurden überprüft
    0 Dateien wurden geprüft
    2 Viren bzw. unerwünschte Programme wurden gefunden
    0 Dateien wurden als verdächtig eingestuft
    0 Dateien wurden gelöscht
    0 Viren bzw. unerwünschte Programme wurden repariert
    0 Dateien wurden in die Quarantäne verschoben
    0 Dateien wurden umbenannt
    0 Dateien konnten nicht durchsucht werden
    0 Dateien ohne Befall
    0 Archive wurden durchsucht
    0 Warnungen
    2 Hinweise
29861 Objekte wurden beim Rootkitscan durchsucht
    0 Versteckte Objekte wurden gefunden

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by marc19 (administrator) on SAMY on 20-09-2013 12:44:13
Running from C:\Users\marc19\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Yontoo LLC) C:\Users\marc19\AppData\Roaming\Yontoo\YontooDesktop.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [WheelMouse] - C:\ADVANC~1\wh_exec.exe [98304 2007-11-10] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5115192 2012-07-24] (Logitech Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [H2O] - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [385024 2005-10-23] (Team H2O)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Yontoo Desktop] - C:\Users\marc19\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-17] (Yontoo LLC)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
Startup: C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\marc19\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:InPrivate
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - %programfiles%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={0B0BDEF9-60E7-11E2-A23B-001E8C49054E}
SearchScopes: HKLM - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={0B0BDEF9-60E7-11E2-A23B-001E8C49054E}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={0B0BDEF9-60E7-11E2-A23B-001E8C49054E}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162

FireFox:
========
FF ProfilePath: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default
FF user.js: detected! => C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\user.js
FF NewTab: hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2938&new=true
FF DefaultSearchEngine: Funmoods
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Funmoods
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Funmoods.com - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\ffxtlbr@funmoods.com
FF Extension: Yontoo - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\plugin@yontoo.com
FF Extension: gophoto - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\gophoto@gophoto.it.xpi
FF Extension: hdvc - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [4f9d98986f6b2@4f9d98986f6b4.info] - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\extensions\4f9d98986f6b2@4f9d98986f6b4.info
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Protector by IB\Firefox

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-17] (Avira Operations GmbH & Co. KG)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [3648584 2010-09-06] (INCA Internet Co., Ltd.)
S2 Yontoo Desktop Updater; C:\Users\marc19\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-17] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-24] (DT Soft Ltd)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [42008 2012-02-07] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsle60a7962; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AE248AD-459B-45B1-97F1-2999AD27B40D}\MpKsle60a7962.sys [40392 2013-09-19] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-06-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [6784 2007-01-26] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 fgtdypod; \??\C:\Users\marc19\AppData\Local\Temp\fgtdypod.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-20 12:43 - 2013-09-20 12:43 - 01083549 _____ (Farbar) C:\Users\marc19\Downloads\FRST.exe
2013-09-20 12:41 - 2013-09-20 12:41 - 00000156 _____ C:\Users\marc19\defogger_reenable
2013-09-20 12:38 - 2013-09-20 12:38 - 00000590 _____ C:\Users\marc19\Documents\1Ereignisse.txt
2013-09-20 12:38 - 2013-09-20 12:38 - 00000582 _____ C:\Users\marc19\Desktop\Ereignisse.txt
2013-09-19 10:40 - 2013-09-19 10:40 - 00005025 _____ C:\Windows\setupact.log
2013-09-19 10:40 - 2013-09-19 10:40 - 00000000 _____ C:\Windows\setuperr.log
2013-09-19 10:32 - 2013-09-19 10:33 - 00030773 _____ C:\Users\marc19\Downloads\Addition.txt
2013-09-19 10:31 - 2013-09-19 10:31 - 00000000 ____D C:\FRST
2013-09-19 10:29 - 2013-09-19 10:29 - 00002398 _____ C:\Users\marc19\Documents\cc_20130919_102922.reg
2013-09-19 10:25 - 2013-09-19 10:26 - 00021776 _____ C:\Users\marc19\Documents\cc_20130919_102546.reg
2013-09-19 10:10 - 2013-09-19 10:10 - 00018271 _____ C:\Users\marc19\Desktop\gmer.log
2013-09-19 10:08 - 2013-09-20 12:24 - 00015893 _____ C:\Users\marc19\Desktop\Neues Textdokument (4).txt
2013-09-18 03:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-18 03:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-18 03:06 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-18 03:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-18 03:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-18 03:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-18 03:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-17 23:31 - 2013-09-17 23:31 - 00377856 _____ C:\Users\marc19\Downloads\5mx25drd.exe
2013-09-17 23:26 - 2013-09-17 23:27 - 00602112 _____ (OldTimer Tools) C:\Users\marc19\Downloads\OTL.exe
2013-09-17 23:13 - 2013-09-17 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-17 23:13 - 2013-09-17 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\ProgramData\Oracle
2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-17 23:10 - 2013-09-19 10:13 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-09-17 23:10 - 2013-09-19 10:13 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-17 23:10 - 2013-09-17 23:10 - 00001999 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-17 23:10 - 2013-09-17 23:10 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-17 23:09 - 2013-09-17 23:10 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-17 23:07 - 2013-09-17 23:07 - 00913832 _____ (Oracle Corporation) C:\Users\marc19\Downloads\jxpiinstall(1).exe
2013-09-17 22:40 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-17 22:40 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-17 22:40 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-17 22:38 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-17 22:37 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-17 22:37 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-17 22:37 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-17 22:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-17 22:37
- 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 
2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-17 22:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-02 23:42 - 2013-09-17 23:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-02 22:17 - 2013-09-18 09:23 - 00000000 ___RD C:\Users\marc19\Dropbox 2013-09-02 22:17 - 2013-09-02 22:17 - 00001048 _____ C:\Users\marc19\Desktop\Dropbox.lnk 2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D 
C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-09-02 22:14 - 2013-09-19 10:41 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Dropbox 2013-09-02 22:14 - 2013-09-02 22:14 - 32966136 _____ (Dropbox, Inc.) C:\Users\marc19\Downloads\Dropbox 2.0.26.exe 2013-08-26 17:45 - 2013-08-26 17:45 - 00029564 _____ C:\Users\marc19\Desktop\AVSCAN-20130826-170900-874FBE1E.LOG 2013-08-26 17:00 - 2013-08-26 17:00 - 00080384 _____ C:\Users\marc19\Downloads\MBRCheck.exe ==================== One Month Modified Files and Folders ======= 2013-09-20 12:43 - 2013-09-20 12:43 - 01083549 _____ (Farbar) C:\Users\marc19\Downloads\FRST.exe 2013-09-20 12:41 - 2013-09-20 12:41 - 00000156 _____ C:\Users\marc19\defogger_reenable 2013-09-20 12:41 - 2013-04-29 19:51 - 00000000 ____D C:\Users\marc19\Desktop\Neuer Ordner 2013-09-20 12:41 - 2009-10-22 13:11 - 00000000 ____D C:\Users\marc19 2013-09-20 12:38 - 2013-09-20 12:38 - 00000590 _____ C:\Users\marc19\Documents\1Ereignisse.txt 2013-09-20 12:38 - 2013-09-20 12:38 - 00000582 _____ C:\Users\marc19\Desktop\Ereignisse.txt 2013-09-20 12:24 - 2013-09-19 10:08 - 00015893 _____ C:\Users\marc19\Desktop\Neues Textdokument (4).txt 2013-09-20 11:58 - 2012-11-03 16:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-20 10:50 - 2009-10-22 13:27 - 01310068 _____ C:\Windows\WindowsUpdate.log 2013-09-19 10:49 - 2009-10-22 13:10 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-19 10:49 - 2009-10-22 13:10 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-19 10:41 - 2013-09-02 22:14 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Dropbox 2013-09-19 10:40 - 2013-09-19 10:40 - 00005025 _____ C:\Windows\setupact.log 2013-09-19 10:40 - 2013-09-19 10:40 - 00000000 _____ C:\Windows\setuperr.log 2013-09-19 10:40 - 2011-12-18 14:06 - 00065536 _____ 
C:\Windows\system32\Ikeext.etl 2013-09-19 10:40 - 2009-09-22 21:15 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-19 10:40 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-19 10:34 - 2013-05-24 23:42 - 00000000 ____D C:\Users\marc19\AppData\Roaming\DAEMON Tools Lite 2013-09-19 10:33 - 2013-09-19 10:32 - 00030773 _____ C:\Users\marc19\Downloads\Addition.txt 2013-09-19 10:31 - 2013-09-19 10:31 - 00000000 ____D C:\FRST 2013-09-19 10:29 - 2013-09-19 10:29 - 00002398 _____ C:\Users\marc19\Documents\cc_20130919_102922.reg 2013-09-19 10:28 - 2011-09-17 01:46 - 00000000 ____D C:\ProgramData\LogiShrd 2013-09-19 10:28 - 2011-09-17 01:46 - 00000000 ____D C:\Program Files\Logitech 2013-09-19 10:28 - 2011-09-17 01:45 - 00000000 ____D C:\Program Files\Common Files\logishrd 2013-09-19 10:26 - 2013-09-19 10:25 - 00021776 _____ C:\Users\marc19\Documents\cc_20130919_102546.reg 2013-09-19 10:26 - 2013-04-24 19:03 - 00000000 ____D C:\Users\marc19\AppData\Roaming\BitTorrent 2013-09-19 10:24 - 2009-11-07 22:37 - 00000000 ____D C:\Windows\Minidump 2013-09-19 10:24 - 2009-10-22 14:05 - 00000000 ____D C:\Windows\Panther 2013-09-19 10:19 - 2011-01-27 18:56 - 00001912 _____ C:\Windows\epplauncher.mif 2013-09-19 10:14 - 2013-01-27 19:01 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-09-19 10:13 - 2013-09-17 23:10 - 00002014 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-09-19 10:13 - 2013-09-17 23:10 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-09-19 10:10 - 2013-09-19 10:10 - 00018271 _____ C:\Users\marc19\Desktop\gmer.log 2013-09-18 14:39 - 2013-06-30 19:33 - 00000000 ____D C:\Users\marc19\AppData\Roaming\vlc 2013-09-18 13:44 - 2009-10-12 19:28 - 00000000 ____D C:\ProgramData\Adobe 2013-09-18 13:42 - 2009-09-22 20:08 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Adobe 2013-09-18 09:23 - 2013-09-02 22:17 - 00000000 ___RD C:\Users\marc19\Dropbox 2013-09-18 09:22 - 2013-04-24 19:04 - 00000000 ____D 
C:\Users\marc19\AppData\Roaming\Yontoo 2013-09-18 08:24 - 2013-04-29 19:57 - 00000000 ____D C:\ProgramData\MFAData 2013-09-18 06:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-18 03:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-18 03:27 - 2009-07-14 06:33 - 00415880 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-18 03:25 - 2012-06-07 17:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-18 03:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-18 03:09 - 2009-09-22 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-18 03:04 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-09-18 03:01 - 2009-11-12 22:25 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-17 23:31 - 2013-09-17 23:31 - 00377856 _____ C:\Users\marc19\Downloads\5mx25drd.exe 2013-09-17 23:27 - 2013-09-17 23:26 - 00602112 _____ (OldTimer Tools) C:\Users\marc19\Downloads\OTL.exe 2013-09-17 23:18 - 2013-06-30 20:00 - 00000224 _____ C:\Users\marc19\Desktop\Neues Textdokument (2).txt 2013-09-17 23:13 - 2013-09-17 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\ProgramData\Oracle 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Program Files\Common Files\Java 2013-09-17 23:13 - 2013-05-23 18:18 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-09-17 23:13 - 2011-10-19 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-09-17 23:13 - 2009-09-22 20:25 - 00000000 ____D C:\Program Files\Java 2013-09-17 
23:12 - 2009-10-12 19:22 - 00000000 ____D C:\Users\marc19\AppData\Local\Adobe 2013-09-17 23:10 - 2013-09-17 23:10 - 00001999 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-17 23:10 - 2013-09-17 23:10 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-09-17 23:10 - 2013-09-17 23:09 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-09-17 23:09 - 2011-03-20 11:47 - 00000000 ____D C:\Program Files\Adobe 2013-09-17 23:07 - 2013-09-17 23:07 - 00913832 _____ (Oracle Corporation) C:\Users\marc19\Downloads\jxpiinstall(1).exe 2013-09-17 23:03 - 2013-09-02 23:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 22:58 - 2012-11-03 16:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-17 22:58 - 2011-09-24 02:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-17 22:32 - 2013-06-30 20:47 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-17 22:32 - 2013-06-30 20:46 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-17 22:32 - 2013-06-30 20:46 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-02 22:17 - 2013-09-02 22:17 - 00001048 _____ C:\Users\marc19\Desktop\Dropbox.lnk 2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-09-02 22:14 - 2013-09-02 22:14 - 32966136 _____ (Dropbox, Inc.) 
C:\Users\marc19\Downloads\Dropbox 2.0.26.exe 2013-08-26 17:45 - 2013-08-26 17:45 - 00029564 _____ C:\Users\marc19\Desktop\AVSCAN-20130826-170900-874FBE1E.LOG 2013-08-26 17:00 - 2013-08-26 17:00 - 00080384 _____ C:\Users\marc19\Downloads\MBRCheck.exe 2013-08-23 18:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2013-08-23 18:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2013-08-21 19:59 - 2009-10-22 13:35 - 01536340 _____ C:\Windows\system32\PerfStringBackup.INI Files to move or delete: ==================== C:\ProgramData\5VV3vqp.dat C:\ProgramData\wq0d8K.dat Some content of TEMP: ==================== C:\Users\marc19\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-18 05:57 ==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01 Ran by marc19 at 2013-09-20 12:47:53 Running from C:\Users\marc19\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer (Version: 6.1.2) Adobe AIR (Version: 3.0.0.4080) Adobe Download Manager (Version: 1.6.2.48) Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04) Advanced Wheel Mouse 6.0.0.002 Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) AVG 2013 (Version: 13.0.3184) AVG 2013 (Version: 13.0.3408) AVG 2013 (Version: 2013.0.3408) Avira Free Antivirus (Version: 13.0.0.4052) Babylon toolbar on IE Bcool (Version: ) Bonjour (Version: 3.0.0.10) CCleaner (Version: 4.03) D3DX10 (Version: 15.4.2368.0902) DAEMON Tools Lite (Version: 4.47.1.0333) devolo dLAN Cockpit (Version: 3.0.0.0) dLAN Cockpit (Version: 3 (23.12.2010)) dLAN Cockpit (Version: 3.23.12) D-Link Wireless N DWA-140 Dropbox (HKCU Version: 2.0.26) HDVidCodec (Version: 2.1 Build 26473) HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 
7 (Version: 14.0) iTunes (Version: 11.0.4.4) Java 7 Update 40 (Version: 7.0.400) Java Auto Updater (Version: 2.1.9.8) Logitech Gaming Software (Version: 8.35.18) Logitech Gaming Software 8.35 (Version: 8.35.18) Logitech Vid (Version: 1.10.1009) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 3.0.318.3) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft IntelliPoint 8.0 (Version: 8.01.249.0) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000) Microsoft 
Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NavyFIELD EU (DE) (Version: 1.00.0000) Network (Version: 140.0.212.000) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA CUDA Toolkit v4.0 (32 bit) (Version: 4.00.1500.0000) NVIDIA Display Control Panel (Version: 6.14.12.5896) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (Version: 9.09.0814) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) PS_AIO_07_B110_SW_Min (Version: 140.0.142.000) PVSonyDll (Version: 1.00.0001) QuickTime (Version: 7.65.17.80) Scan (Version: 140.0.77.000) Steinberg Cubase SX v3.1.1.944 SUPERAntiSpyware (Version: 5.5.1016) 
SyncroSoft Emu (Remove only) Syncrosofts Lizenz Kontrolle System Requirements Lab Toolbox (Version: 140.0.424.000) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Vegas Pro 9.0 (Version: 9.0.1147) VLC media player 2.0.7 (Version: 2.0.7) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Media Player 
Firefox Plugin (Version: 1.0.0.8) WinRAR WinZip 17.5 (Version: 17.5.10480) Yontoo 2.052 (Version: 2.052) ==================== Restore Points ========================= 27-06-2013 15:50:30 Windows Update 30-06-2013 17:00:29 Windows-Sicherung 30-06-2013 18:11:40 Removed Ask Toolbar. 30-06-2013 18:15:30 Windows Update 08-07-2013 08:23:29 Windows Update 08-07-2013 08:23:47 Windows-Sicherung 15-07-2013 16:07:21 Windows-Sicherung 15-07-2013 16:09:35 Windows Update 15-07-2013 17:51:10 Windows Update 19-07-2013 14:59:25 Windows Update 22-07-2013 16:58:55 Windows-Sicherung 22-07-2013 16:59:11 Windows Update 28-07-2013 17:49:39 Windows Update 28-07-2013 17:49:53 Windows-Sicherung 03-08-2013 16:04:54 Windows Update 05-08-2013 09:10:34 Windows-Sicherung 11-08-2013 16:51:34 Windows Update 11-08-2013 17:00:16 Windows-Sicherung 15-08-2013 16:44:05 Windows Update 15-08-2013 17:53:52 Windows Update 18-08-2013 17:00:45 Windows-Sicherung 19-08-2013 15:09:56 Windows Update 23-08-2013 17:01:37 Windows Update 25-08-2013 17:00:29 Windows-Sicherung 27-08-2013 16:47:28 Windows Update 01-09-2013 16:45:27 Windows Update 01-09-2013 17:00:16 Windows-Sicherung 08-09-2013 17:00:35 Windows-Sicherung 17-09-2013 20:28:06 Windows Update 17-09-2013 20:38:37 Windows-Sicherung 17-09-2013 21:12:18 Installed Java 7 Update 40 18-09-2013 01:00:42 Windows Update 19-09-2013 08:11:40 Windows Update 19-09-2013 08:27:10 Removed Logitech Webcam Software. 
==================== Hosts content: ========================== 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {26833C55-E381-47A3-B593-727F59CCAEC4} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe Task: {2E799A37-589C-471F-BD39-C9A3C82F18EB} - System32\Tasks\{AF038E99-D5C9-4765-B284-304BE1303302} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.115.259/de/abandoninstall?page=tsMain Task: {40CEC0E8-718D-42E8-AA5F-08D972B50D78} - System32\Tasks\{51F89CF0-0CA6-4D84-ADDF-4E812DFC097A} => C:\Program Files\Skype\Phone\Skype.exe Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {61C541AA-8649-4649-98EB-9D2BAAD1ED01} - System32\Tasks\{7FAB7193-5922-436A-9D54-F56241CCD636} => C:\Program Files\Steam\Steam.exe Task: {63EAFBE0-7369-4BB2-A28F-B298B9873BA1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {7C9763C2-475C-455E-AFBB-9BC0690E2CAE} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation) Task: {7F526DD7-B4FF-4547-B620-EED3A715E571} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {8464F5DE-4C6E-4060-BE53-BECB4D53FDC1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {87438240-A754-43B1-83D6-2CDB2FA3DFE0} - System32\Tasks\Funmoods => C:\Users\marc19\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE Task: {8823E81F-199D-423F-93A8-80D57A94FD42} - System32\Tasks\User_Feed_Synchronization-{CF8CB5A9-5680-4DF5-92C0-492D2227D756} => C:\Windows\system32\msfeedssync.exe [2013-05-21] (Microsoft Corporation) Task: {99405C11-62CE-425E-BF5C-5FD63E2EDEFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated) Task: {A1E4D9EB-250A-4802-B92C-413CD2FF6205} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation) Task: {A7518415-479C-4E2B-9011-7905C89916BF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {D824CB70-85AB-480A-8297-3FC15862BD9A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation) Task: {D8B57A21-4398-4FCD-A12A-7F8067CABDA3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: {ECCE017D-3972-4BF5-B180-502D3B8280CC} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {EF222817-AB4C-46BF-8EEE-83DEE7B9ADAD} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MARC19-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation) Task: 
{F05F37D2-C1D2-427A-854A-8D719D3E6DB0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-10 22:14 - 2013-02-26 00:22 - 12641992 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2013-06-05 19:17 - 2013-06-05 19:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\marc19\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll 2011-07-19 02:08 - 2011-07-19 02:08 - 00141696 _____ (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 2013-05-01 17:50 - 2013-05-01 17:50 - 00012144 ____R (WinZip Computing, S.L.) C:\Program Files\WinZip\wzshlstb.dll 2011-01-31 21:01 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll 2009-07-14 01:32 - 2009-07-14 03:15 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll 2013-04-22 19:45 - 2005-10-23 00:00 - 01347072 _____ (Team H2O) C:\Program Files\Syncrosoft\POS\H2O\emu.dll 2009-11-03 16:51 - 2009-11-03 16:51 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) 
C:\Windows\system32\dnssd.dll 2013-04-26 08:58 - 2013-09-19 10:42 - 00013600 _____ () C:\Users\marc19\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll 2013-09-02 23:42 - 2013-09-02 23:43 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2012-10-10 22:14 - 2013-02-26 00:22 - 02505144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2013-09-17 22:58 - 2013-09-17 22:58 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\TEMP:24051EFF ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: F:\ Description: USB HS-SM Card Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Sony Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: E:\ Description: USB HS-CF Card Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Sony Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: G:\ Description: USB HS-MS Card Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Sony Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: H:\ Description: USB HS-SD Card Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Sony Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2013 10:46:03 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1106, Zeitstempel: 0x50f950f4 Ausnahmecode: 0x40000015 Fehleroffset: 0x0010333f ID des fehlerhaften Prozesses: 0xce8 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 Berichtskennung: nvtray.exe3 Error: (09/19/2013 10:42:56 AM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:56 AM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:56 AM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:56 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (09/19/2013 10:42:54 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:53 AM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (09/19/2013 10:42:53 AM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:53 AM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/19/2013 10:42:53 AM) (Source: Windows Search Service) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) System errors: ============= Error: (09/20/2013 10:50:44 AM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.159.237.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.3.0215.00 Quellpfad: 4.3.0215.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (09/20/2013 10:50:34 AM) (Source: Microsoft Antimalware) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.159.237.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.3.0215.00 Quellpfad: 4.3.0215.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (09/19/2013 10:46:01 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/19/2013 10:46:01 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/19/2013 10:44:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (09/19/2013 10:44:32 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (09/19/2013 10:42:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2013 10:42:56 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. 
Error: (09/19/2013 10:42:44 AM) (Source: DCOM) (User: ) Description: {0002DF01-0000-0000-C000-000000000046} Error: (09/19/2013 10:41:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Yontoo Desktop Updater" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-04-28 22:40:56.442 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:40:56.379 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:40:56.301 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:40:56.208 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-04-28 22:40:56.145 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:40:56.083 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:34:06.749 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:34:06.671 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-04-28 22:34:06.608 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-04-28 22:34:06.515 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 55% Total physical RAM: 3327.12 MB Available physical RAM: 1478.61 MB Total Pagefile: 6652.52 MB Available Pagefile: 4281.74 MB Total Virtual: 2047.88 MB Available Virtual: 1905.37 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:465.76 GB) (Free:283.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive z: (Volume) (Fixed) (Total:1397.26 GB) (Free:1332.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 36A52B1B) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-20 13:35:58 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 rev. 0,00MB Running: 5mx25drd.exe; Driver: C:\Users\marc19\AppData\Local\Temp\fgtdypod.sys ---- System - GMER 2.1 ---- SSDT 8FB00FBE ZwCreateSection SSDT 8FB00FC8 ZwRequestWaitReplyPort SSDT 8FB00FC3 ZwSetContextThread SSDT 8FB00FCD ZwSetSecurityObject SSDT 8FB00FD2 ZwSystemDebugControl SSDT 8FB00F5F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81E7EA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EB8212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81EBF58C 4 Bytes [BE, 0F, B0, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81EBF8E8 4 Bytes [C8, 0F, B0, 8F] {ENTER 0xb00f, 0x8f} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81EBF92C 4 Bytes [C3, 0F, B0, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81EBF9A8 4 Bytes [CD, 0F, B0, 8F] {INT 0xf; MOV AL, 0x8f} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81EBF9FC 4 Bytes [D2, 0F, B0, 8F] {ROR [EDI], CL; MOV AL, 0x8f} .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[668] ntdll.dll!LdrGetProcedureAddress + 26 773922A9 7 Bytes JMP 5CF5F140 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[668] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75F5941E 7 Bytes JMP 5D57FDD2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[668] kernel32.dll!QueryPerformanceCounter + 13 75F5C425 7 Bytes JMP 5D57FDF5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[668] kernel32.dll!LoadAppInitDlls + 355 75F5F4E6 7 Bytes JMP 5CF62942 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[668] GDI32.dll!GetViewportOrgEx + 26C 75E9884B 7 Bytes JMP 5D57FD53 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!RegisterMessagePumpHook + 2F1 75A98B9E 7 Bytes JMP 5D67ECBA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!IsDialogMessageW + 340 75AA4444 7 Bytes JMP 5D67EC49 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!GetWindowInfo 75AA4B5E 5 Bytes JMP 5D49C6FD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1528] USER32.dll!ToUnicodeEx + 71 75AB2223 7 Bytes JMP 5D49CCF3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateFile + 6 7737560E 4 Bytes [28, 58, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateFile + B 77375613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateKey + 6 7737564E 4 Bytes [68, 59, 24, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateKey + B 77375653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateMutant + 6 7737568E 4 Bytes [68, 5A, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateMutant + B 77375693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateSection + 6 7737572E 4 Bytes [A8, 5A, 24, 00] {TEST AL, 0x5a; AND AL, 0x0} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtCreateSection + B 77375733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtMapViewOfSection + B 77375C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenFile + 6 77375D1E 4 Bytes [68, 58, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenFile + B 77375D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenKey + 6 77375D4E 4 Bytes [A8, 59, 24, 00] {TEST AL, 0x59; AND AL, 0x0} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenKey + B 77375D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenKeyEx + B 77375D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenMutant + 6 77375D9E 4 Bytes [28, 5A, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenMutant + B 77375DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcess + 6 77375DCE 4 Bytes [68, 5B, 24, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcess + B 77375DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcessToken + 6 77375DDE 4 Bytes [A8, 5B, 24, 00] {TEST AL, 0x5b; AND AL, 0x0} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcessToken + B 77375DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcessTokenEx + 6 77375DEE 4 Bytes [68, 5C, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenProcessTokenEx + B 77375DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenSection + B 77375E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThread + 6 77375E4E 4 Bytes [28, 5B, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThread + B 77375E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThreadToken + 6 77375E5E 4 Bytes [28, 5C, 24, 00] {SUB [ESP+0x0], BL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThreadToken + B 77375E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThreadTokenEx + 6 77375E6E 4 Bytes [A8, 5C, 24, 00] {TEST AL, 0x5c; AND AL, 0x0} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtOpenThreadTokenEx + B 77375E73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtQueryAttributesFile + 6 77375F7E 4 Bytes [A8, 58, 24, 00] {TEST AL, 0x58; AND AL, 0x0} .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtQueryAttributesFile + B 77375F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtQueryFullAttributesFile + B 77376033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtSetInformationFile + 6 7737667E 4 Bytes [28, 59, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtSetInformationFile + B 77376683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtSetInformationThread + B 773766E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtUnmapViewOfSection + 6 773769FE 4 Bytes [28, 5D, 24, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ntdll.dll!NtUnmapViewOfSection + B 77376A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] kernel32.dll!CreateProcessW 75F1204D 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] kernel32.dll!CreateProcessA 75F12082 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!ActivateKeyboardLayout 75A98203 5 Bytes JMP 002D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!ScreenToClient 75A9A506 7 Bytes JMP 002D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!RegisterClipboardFormatA 75A9C091 5 Bytes JMP 002D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!RegisterClipboardFormatW 75A9DF8D 5 Bytes JMP 002D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!SetCursor 75AA3075 5 Bytes JMP 002D0530 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!MonitorFromWindow 75AA3622 7 Bytes JMP 002D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!PostMessageW 75AA447B 5 Bytes JMP 002D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!IsWindowVisible 75AA4D69 7 Bytes JMP 002D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClientRect 75AA54DD 7 Bytes JMP 002D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!MapWindowPoints 75AA5CAA 5 Bytes JMP 002D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetParent 75AA6029 7 Bytes JMP 002D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!EmptyClipboard 75AB290C 5 Bytes JMP 002D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!SetClipboardData 75AB2962 5 Bytes JMP 002D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardData 75AB2BA7 5 Bytes JMP 002D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardFormatNameW 75AB5FD2 5 Bytes JMP 002D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!SetClipboardViewer 75AB6FF6 5 Bytes JMP 002D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardFormatNameA 75AB700A 5 Bytes JMP 002D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!ChangeClipboardChain 75AC147C 5 Bytes JMP 002D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetTopWindow 75AC24D9 7 Bytes JMP 002D0730 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!CloseClipboard 75AC446C 5 Bytes JMP 002D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!OpenClipboard 75AC447E 5 Bytes JMP 002D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!IsClipboardFormatAvailable 75AC44FF 5 Bytes JMP 002D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardSequenceNumber 75AC4513 5 Bytes JMP 002D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardOwner 75AC4525 5 Bytes JMP 002D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!CountClipboardFormats 75AC470A 5 Bytes JMP 002D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!EnumClipboardFormats 75AC47EC 5 Bytes JMP 002D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetOpenClipboardWindow 75AC480B 5 Bytes JMP 002D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!SetCursorPos 75ADC1B0 5 Bytes JMP 002D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetClipboardViewer 75AF4AF7 5 Bytes JMP 002D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] user32.DLL!GetPriorityClipboardFormat 75AF4BF9 5 Bytes JMP 002D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!DeleteObject 75E95F14 5 Bytes JMP 002E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SelectObject 75E96640 5 Bytes JMP 002E05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetTextColor 75E96906 5 Bytes JMP 002E0A30 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetBkMode 75E969B1 5 Bytes JMP 002E08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!DeleteDC 75E96EAA 5 Bytes JMP 002E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetDeviceCaps 75E96F7F 5 Bytes JMP 002E03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!ExtSelectClipRgn 75E97114 5 Bytes JMP 002E02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SelectClipRgn 75E97242 5 Bytes JMP 002E05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetStretchBltMode 75E97705 5 Bytes JMP 002E06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetCurrentObject 75E97917 5 Bytes JMP 002E0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextMetricsW 75E97B8F 5 Bytes JMP 002E0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextAlign 75E97DAF 5 Bytes JMP 002E0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!IntersectClipRect 75E97DFE 5 Bytes JMP 002E03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!ExtTextOutW 75E98192 5 Bytes JMP 002E0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetTextAlign 75E9828E 5 Bytes JMP 002E09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetClipBox 75E98525 5 Bytes JMP 002E0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!MoveToEx 75E98C21 5 Bytes JMP 002E0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!StretchDIBits 
75E9A53E 5 Bytes JMP 002E0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!RestoreDC 75E9A67B 5 Bytes JMP 002E0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SaveDC 75E9A74B 5 Bytes JMP 002E0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextExtentPoint32W 75E9B4B5 5 Bytes JMP 002E0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextFaceW 75E9B73A 2 Bytes JMP 002E0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextFaceW + 3 75E9B73D 2 Bytes [44, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetFontData 75E9BCC4 5 Bytes JMP 002E0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetWorldTransform 75E9C90A 5 Bytes JMP 002E06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!CreateDCA 75E9CCA9 5 Bytes JMP 002E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!CreateDCW 75E9CF79 5 Bytes JMP 002E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!CreateICW 75E9CFD0 5 Bytes JMP 002E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextMetricsA 75E9D0F2 5 Bytes JMP 002E0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!Rectangle 75E9F1FF 5 Bytes JMP 002E09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!LineTo 75E9F59B 5 Bytes JMP 002E0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetICMMode 75E9FAA4 5 Bytes JMP 002E0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] 
GDI32.dll!ExtTextOutA 75EA03F9 5 Bytes JMP 002E0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextExtentPoint32A 75EA07B0 5 Bytes JMP 002E0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!ExtEscape 75EA2949 5 Bytes JMP 002E02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!Escape 75EA3939 5 Bytes JMP 002E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetTextFaceA 75EA3E6A 5 Bytes JMP 002E0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetPolyFillMode 75EAD851 5 Bytes JMP 002E0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SetMiterLimit 75EADA0D 5 Bytes JMP 002E0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!EndPage 75EB00D7 5 Bytes JMP 002E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!ResetDCW 75EB050D 5 Bytes JMP 002E0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!GetGlyphOutlineW 75EBC1BA 5 Bytes JMP 002E0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!CreateScalableFontResourceW 75EBE817 5 Bytes JMP 002E0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!AddFontResourceW 75EBEC13 5 Bytes JMP 002E0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!RemoveFontResourceW 75EBF109 5 Bytes JMP 002E0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!AbortDoc 75EC4C63 5 Bytes JMP 002E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!EndDoc 75EC50AA 5 Bytes JMP 002E01F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!StartPage 75EC5195 5 Bytes JMP 002E0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!StartDocW 75EC5BB0 5 Bytes JMP 002E07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!BeginPath 75EC635D 5 Bytes JMP 002E0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!SelectClipPath 75EC63B4 5 Bytes JMP 002E0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!CloseFigure 75EC640F 5 Bytes JMP 002E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!EndPath 75EC6466 5 Bytes JMP 002E0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!StrokePath 75EC6699 5 Bytes JMP 002E07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!FillPath 75EC6726 5 Bytes JMP 002E0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!PolylineTo 75EC6B94 5 Bytes JMP 002E04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!PolyBezierTo 75EC6C25 5 Bytes JMP 002E04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] GDI32.dll!PolyDraw 75EC6CD7 5 Bytes JMP 002E08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ole32.dll!OleSetClipboard 75BC0045 5 Bytes JMP 00300030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ole32.dll!OleIsCurrentClipboard 75BC36B2 5 Bytes JMP 00300070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[5628] ole32.dll!OleGetClipboard 75BEFDCD 5 Bytes JMP 003000B0 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys Device \Driver\atapi -> DriverStartIo 
\Device\Ide\IdeDeviceP2T0L0-2 85B040AE
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85B040AE
Device \Driver\atapi \Device\Ide\IdePort0 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85B040AE
Device \Driver\atapi \Device\Ide\IdePort1 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 85B040AE
Device \Driver\atapi \Device\Ide\IdePort2 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 85B040AE
Device \Driver\atapi \Device\Ide\IdePort3 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 85B040AE
Device \Driver\atapi \Device\Ide\IdePort4 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 85B040AE
Device \Driver\atapi \Device\Ide\IdePort5 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-3 85B040AE
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 85B03F76
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-7 85B040AE
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-7 85B03F76
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
Device \Driver\Disk \Device\Harddisk0\DR0 85B03A2E
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
Device \Driver\Disk \Device\Harddisk1\DR1 85B03A2E
Device \Driver\Disk \Device\Harddisk2\DR2 85B03A2E
Device \Driver\Disk \Device\Harddisk3\DR3 85B03A2E
Device \Driver\Disk \Device\Harddisk4\DR4 85B03A2E
Device \Driver\Disk \Device\Harddisk5\DR5 85B03A2E
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe >>UNKNOWN [0x85b03a2e]<< 85b03a2e
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8534c030] 8534c030
Trace \Driver\Disk[0x85347030] -> IRP_MJ_READ -> 0x85b03a2e 85b03a2e

---- Processes - GMER 2.1 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 4812
Process iexplore.exe (*** hidden *** ) 4944
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 5688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}\Connection@Name isatap.{0A0C3793-F8BF-4768-966A-3A96407406AB}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}?\Device\{64A0AC33-B721-402F-A34C-0C7A3065D062}?\Device\{EE7A8AC3-209C-4742-946E-3566C16E6D09}?\Device\{E257DDC8-9BB1-40EB-B041-EF86EEB149A3}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}"?"{64A0AC33-B721-402F-A34C-0C7A3065D062}"?"{EE7A8AC3-209C-4742-946E-3566C16E6D09}"?"{E257DDC8-9BB1-40EB-B041-EF86EEB149A3}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}?\Device\TCPIP6TUNNEL_{64A0AC33-B721-402F-A34C-0C7A3065D062}?\Device\TCPIP6TUNNEL_{EE7A8AC3-209C-4742-946E-3566C16E6D09}?\Device\TCPIP6TUNNEL_{E257DDC8-9BB1-40EB-B041-EF86EEB149A3}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}@InterfaceName isatap.{0A0C3793-F8BF-4768-966A-3A96407406AB}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45BFAA0F-EB22-4DBB-BEDA-4E580F324AE6}@ReusableType 0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 Device \Driver\atapi -> DriverStartIo 85b040ae
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
20.09.2013, 16:10 | #2 |
/// TB-Ausbilder | Hello,
let's see what TDSSKiller has to say about this (don't let it delete anything yet, only scan): Please download TDSSKiller.exe and save the file to your desktop
21.09.2013, 14:37 | #3 |
| Hi!
Thanks for the help!! The scan was successful, here is the TDSS log: Code:
15:29:37.0754 2524 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:29:37.0992 2524 ============================================================
15:29:37.0992 2524 Current date / time: 2013/09/21 15:29:37.0992
15:29:37.0992 2524 SystemInfo:
15:29:37.0992 2524
15:29:37.0992 2524 OS Version: 6.1.7601 ServicePack: 1.0
15:29:37.0992 2524 Product type: Workstation
15:29:37.0992 2524 ComputerName: SAMY
15:29:37.0992 2524 UserName: marc19
15:29:37.0992 2524 Windows directory: C:\Windows
15:29:37.0992 2524 System windows directory: C:\Windows
15:29:37.0992 2524 Processor architecture: Intel x86
15:29:37.0992 2524 Number of processors: 2
15:29:37.0992 2524 Page size: 0x1000
15:29:37.0992 2524 Boot type: Normal boot
15:29:37.0992 2524 ============================================================
15:29:39.0507 2524 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:29:39.0507 2524 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:29:39.0579 2524 ============================================================
15:29:39.0579 2524 \Device\Harddisk0\DR0:
15:29:39.0580 2524 MBR partitions:
15:29:39.0580 2524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
15:29:39.0580 2524 \Device\Harddisk1\DR1:
15:29:39.0580 2524 MBR partitions:
15:29:39.0580 2524 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
15:29:39.0580 2524 ============================================================
15:29:39.0620 2524 C: <-> \Device\Harddisk0\DR0\Partition1
15:29:39.0639 2524 Z: <-> \Device\Harddisk1\DR1\Partition1
15:29:39.0639 2524 ============================================================
15:29:39.0640 2524 Initialize success
15:29:39.0640 2524
7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 15:32:12.0183 5560 Netman - ok 15:32:12.0214 5560 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 15:32:12.0245 5560 netprofm - ok 15:32:12.0292 5560 [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 15:32:12.0339 5560 netr28u - ok 15:32:12.0401 5560 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:32:12.0432 5560 NetTcpPortSharing - ok 15:32:12.0448 5560 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:32:12.0464 5560 nfrd960 - ok 15:32:12.0526 5560 [ C58DB40E4C95BE8EE727BE872BE6383F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:32:12.0542 5560 NisDrv - ok 15:32:12.0588 5560 [ CF6D9AB044DF22FB6ECCC3907DE9FD7A ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 15:32:12.0604 5560 NisSrv - ok 15:32:12.0635 5560 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 15:32:12.0666 5560 NlaSvc - ok 15:32:12.0698 5560 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:32:12.0713 5560 Npfs - ok 15:32:12.0760 5560 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys 15:32:12.0869 5560 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning 15:32:12.0869 5560 NPF_devolo - detected UnsignedFile.Multi.Generic (1) 15:32:12.0916 5560 npggsvc - ok 15:32:12.0947 5560 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 15:32:12.0963 5560 nsi - ok 15:32:12.0978 5560 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:32:13.0010 5560 nsiproxy - ok 15:32:13.0056 5560 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:32:13.0088 5560 Ntfs - ok 15:32:13.0119 5560 [ EF2B9A14EC5DD74ADE3417FAF1B45E16 ] NuidFltr 
C:\Windows\system32\DRIVERS\NuidFltr.sys 15:32:13.0119 5560 NuidFltr - ok 15:32:13.0134 5560 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 15:32:13.0150 5560 Null - ok 15:32:13.0649 5560 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:32:13.0743 5560 nvlddmkm - ok 15:32:13.0790 5560 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:32:13.0790 5560 nvraid - ok 15:32:13.0821 5560 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:32:13.0836 5560 nvstor - ok 15:32:13.0883 5560 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:32:13.0899 5560 nvsvc - ok 15:32:13.0992 5560 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:32:14.0024 5560 nvUpdatusService - ok 15:32:14.0070 5560 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:32:14.0070 5560 nv_agp - ok 15:32:14.0133 5560 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:32:14.0148 5560 odserv - ok 15:32:14.0180 5560 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:32:14.0211 5560 ohci1394 - ok 15:32:14.0242 5560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:32:14.0258 5560 ose - ok 15:32:14.0304 5560 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:32:14.0351 5560 p2pimsvc - ok 15:32:14.0382 5560 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 15:32:14.0398 5560 p2psvc - ok 15:32:14.0429 5560 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:32:14.0460 5560 Parport - ok 15:32:14.0492 5560 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 
15:32:14.0492 5560 partmgr - ok 15:32:14.0507 5560 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 15:32:14.0538 5560 Parvdm - ok 15:32:14.0554 5560 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:32:14.0570 5560 PcaSvc - ok 15:32:14.0585 5560 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 15:32:14.0601 5560 pci - ok 15:32:14.0632 5560 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 15:32:14.0632 5560 pciide - ok 15:32:14.0663 5560 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:32:14.0679 5560 pcmcia - ok 15:32:14.0694 5560 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 15:32:14.0710 5560 pcw - ok 15:32:14.0741 5560 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:32:14.0788 5560 PEAUTH - ok 15:32:14.0866 5560 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 15:32:14.0913 5560 pla - ok 15:32:14.0944 5560 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:32:14.0991 5560 PlugPlay - ok 15:32:15.0022 5560 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:32:15.0022 5560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:32:15.0022 5560 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:32:15.0069 5560 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:32:15.0084 5560 PNRPAutoReg - ok 15:32:15.0116 5560 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:32:15.0131 5560 PNRPsvc - ok 15:32:15.0162 5560 [ 420336F91EB745811CF130C80EDE0653 ] Point32 C:\Windows\system32\DRIVERS\point32.sys 15:32:15.0178 5560 Point32 - ok 15:32:15.0209 5560 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:32:15.0240 5560 PolicyAgent - ok 15:32:15.0272 
5560 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 15:32:15.0303 5560 Power - ok 15:32:15.0334 5560 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:32:15.0350 5560 PptpMiniport - ok 15:32:15.0381 5560 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:32:15.0412 5560 Processor - ok 15:32:15.0459 5560 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 15:32:15.0506 5560 ProfSvc - ok 15:32:15.0521 5560 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:32:15.0521 5560 ProtectedStorage - ok 15:32:15.0568 5560 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:32:15.0615 5560 Psched - ok 15:32:15.0662 5560 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:32:15.0708 5560 ql2300 - ok 15:32:15.0771 5560 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:32:15.0786 5560 ql40xx - ok 15:32:15.0818 5560 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 15:32:15.0849 5560 QWAVE - ok 15:32:15.0864 5560 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:32:15.0880 5560 QWAVEdrv - ok 15:32:15.0896 5560 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:32:15.0927 5560 RasAcd - ok 15:32:15.0958 5560 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:32:15.0989 5560 RasAgileVpn - ok 15:32:16.0005 5560 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 15:32:16.0052 5560 RasAuto - ok 15:32:16.0083 5560 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:32:16.0114 5560 Rasl2tp - ok 15:32:16.0161 5560 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 15:32:16.0192 5560 RasMan - ok 
15:32:16.0208 5560 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:32:16.0254 5560 RasPppoe - ok 15:32:16.0270 5560 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:32:16.0301 5560 RasSstp - ok 15:32:16.0332 5560 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:32:16.0364 5560 rdbss - ok 15:32:16.0395 5560 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:32:16.0410 5560 rdpbus - ok 15:32:16.0426 5560 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:32:16.0457 5560 RDPCDD - ok 15:32:16.0488 5560 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:32:16.0535 5560 RDPENCDD - ok 15:32:16.0551 5560 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:32:16.0566 5560 RDPREFMP - ok 15:32:16.0691 5560 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:32:16.0738 5560 RdpVideoMiniport - ok 15:32:16.0769 5560 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:32:16.0816 5560 RDPWD - ok 15:32:16.0832 5560 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:32:16.0847 5560 rdyboost - ok 15:32:16.0878 5560 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 15:32:16.0894 5560 RemoteAccess - ok 15:32:16.0925 5560 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:32:16.0956 5560 RemoteRegistry - ok 15:32:16.0988 5560 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:32:17.0019 5560 RpcEptMapper - ok 15:32:17.0050 5560 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 15:32:17.0050 5560 RpcLocator - ok 15:32:17.0066 5560 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs 
C:\Windows\system32\rpcss.dll 15:32:17.0097 5560 RpcSs - ok 15:32:17.0144 5560 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:32:17.0190 5560 rspndr - ok 15:32:17.0206 5560 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 15:32:17.0206 5560 SamSs - ok 15:32:17.0300 5560 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 15:32:17.0315 5560 SASDIFSV - ok 15:32:17.0346 5560 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 15:32:17.0362 5560 SASKUTIL - ok 15:32:17.0409 5560 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:32:17.0409 5560 sbp2port - ok 15:32:17.0440 5560 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:32:17.0471 5560 SCardSvr - ok 15:32:17.0502 5560 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:32:17.0518 5560 scfilter - ok 15:32:17.0565 5560 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 15:32:17.0658 5560 Schedule - ok 15:32:17.0690 5560 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:32:17.0705 5560 SCPolicySvc - ok 15:32:17.0736 5560 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:32:17.0768 5560 SDRSVC - ok 15:32:17.0814 5560 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:32:17.0830 5560 secdrv - ok 15:32:17.0861 5560 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 15:32:17.0892 5560 seclogon - ok 15:32:17.0939 5560 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 15:32:17.0955 5560 SENS - ok 15:32:17.0986 5560 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:32:18.0017 5560 SensrSvc - ok 15:32:18.0048 5560 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum 
C:\Windows\system32\DRIVERS\serenum.sys 15:32:18.0080 5560 Serenum - ok 15:32:18.0111 5560 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:32:18.0142 5560 Serial - ok 15:32:18.0173 5560 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:32:18.0189 5560 sermouse - ok 15:32:18.0220 5560 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 15:32:18.0236 5560 SessionEnv - ok 15:32:18.0267 5560 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:32:18.0314 5560 sffdisk - ok 15:32:18.0314 5560 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:32:18.0345 5560 sffp_mmc - ok 15:32:18.0360 5560 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:32:18.0376 5560 sffp_sd - ok 15:32:18.0392 5560 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:32:18.0423 5560 sfloppy - ok 15:32:18.0470 5560 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:32:18.0501 5560 SharedAccess - ok 15:32:18.0532 5560 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:32:18.0579 5560 ShellHWDetection - ok 15:32:18.0641 5560 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:32:18.0657 5560 sisagp - ok 15:32:18.0688 5560 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:32:18.0688 5560 SiSRaid2 - ok 15:32:18.0704 5560 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:32:18.0719 5560 SiSRaid4 - ok 15:32:18.0735 5560 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:32:18.0750 5560 Smb - ok 15:32:18.0797 5560 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:32:18.0813 5560 SNMPTRAP - ok 15:32:18.0813 5560 [ 
95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 15:32:18.0828 5560 spldr - ok 15:32:18.0860 5560 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 15:32:18.0906 5560 Spooler - ok 15:32:19.0000 5560 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 15:32:19.0062 5560 sppsvc - ok 15:32:19.0094 5560 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:32:19.0125 5560 sppuinotify - ok 15:32:19.0156 5560 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:32:19.0187 5560 srv - ok 15:32:19.0203 5560 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:32:19.0234 5560 srv2 - ok 15:32:19.0250 5560 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:32:19.0265 5560 srvnet - ok 15:32:19.0296 5560 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:32:19.0328 5560 SSDPSRV - ok 15:32:19.0359 5560 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 15:32:19.0359 5560 ssmdrv - ok 15:32:19.0374 5560 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:32:19.0421 5560 SstpSvc - ok 15:32:19.0499 5560 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:32:19.0499 5560 Stereo Service - ok 15:32:19.0530 5560 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:32:19.0562 5560 stexstor - ok 15:32:19.0608 5560 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 15:32:19.0624 5560 StillCam - ok 15:32:19.0686 5560 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 15:32:19.0718 5560 StiSvc - ok 15:32:19.0749 5560 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 15:32:19.0764 5560 swenum - ok 15:32:19.0827 
5560 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 15:32:19.0858 5560 swprv - ok 15:32:19.0905 5560 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 15:32:19.0936 5560 SysMain - ok 15:32:19.0967 5560 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:32:19.0983 5560 TabletInputService - ok 15:32:20.0014 5560 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 15:32:20.0045 5560 TapiSrv - ok 15:32:20.0061 5560 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 15:32:20.0092 5560 TBS - ok 15:32:20.0139 5560 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:32:20.0170 5560 Tcpip - ok 15:32:20.0186 5560 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:32:20.0217 5560 TCPIP6 - ok 15:32:20.0248 5560 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:32:20.0264 5560 tcpipreg - ok 15:32:20.0295 5560 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:32:20.0326 5560 TDPIPE - ok 15:32:20.0373 5560 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:32:20.0388 5560 TDTCP - ok 15:32:20.0404 5560 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:32:20.0451 5560 tdx - ok 15:32:20.0466 5560 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:32:20.0466 5560 TermDD - ok 15:32:20.0513 5560 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 15:32:20.0544 5560 TermService - ok 15:32:20.0544 5560 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 15:32:20.0591 5560 Themes - ok 15:32:20.0591 5560 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 15:32:20.0607 5560 THREADORDER - ok 15:32:20.0638 5560 [ 
4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 15:32:20.0685 5560 TrkWks - ok 15:32:20.0747 5560 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:32:20.0778 5560 TrustedInstaller - ok 15:32:20.0841 5560 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:32:20.0888 5560 tssecsrv - ok 15:32:20.0919 5560 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:32:20.0950 5560 TsUsbFlt - ok 15:32:20.0981 5560 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:32:21.0012 5560 tunnel - ok 15:32:21.0044 5560 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:32:21.0059 5560 uagp35 - ok 15:32:21.0075 5560 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:32:21.0122 5560 udfs - ok 15:32:21.0137 5560 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:32:21.0184 5560 UI0Detect - ok 15:32:21.0215 5560 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:32:21.0231 5560 uliagpkx - ok 15:32:21.0246 5560 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:32:21.0262 5560 umbus - ok 15:32:21.0293 5560 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:32:21.0293 5560 UmPass - ok 15:32:21.0340 5560 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 15:32:21.0356 5560 upnphost - ok 15:32:21.0387 5560 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 15:32:21.0402 5560 USBAAPL - ok 15:32:21.0434 5560 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:32:21.0465 5560 usbaudio - ok 15:32:21.0496 5560 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:32:21.0543 5560 
usbccgp - ok 15:32:21.0574 5560 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:32:21.0605 5560 usbcir - ok 15:32:21.0636 5560 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:32:21.0652 5560 usbehci - ok 15:32:21.0683 5560 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:32:21.0714 5560 usbhub - ok 15:32:21.0746 5560 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:32:21.0777 5560 usbohci - ok 15:32:21.0824 5560 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:32:21.0855 5560 usbprint - ok 15:32:21.0886 5560 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:32:21.0902 5560 USBSTOR - ok 15:32:21.0933 5560 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:32:21.0948 5560 usbuhci - ok 15:32:21.0964 5560 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 15:32:21.0995 5560 UxSms - ok 15:32:21.0995 5560 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 15:32:22.0011 5560 VaultSvc - ok 15:32:22.0026 5560 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:32:22.0042 5560 vdrvroot - ok 15:32:22.0058 5560 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 15:32:22.0089 5560 vds - ok 15:32:22.0120 5560 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:32:22.0136 5560 vga - ok 15:32:22.0151 5560 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 15:32:22.0167 5560 VgaSave - ok 15:32:22.0198 5560 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:32:22.0214 5560 vhdmp - ok 15:32:22.0245 5560 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:32:22.0260 5560 viaagp - ok 
15:32:22.0276 5560 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 15:32:22.0307 5560 ViaC7 - ok 15:32:22.0338 5560 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 15:32:22.0338 5560 viaide - ok 15:32:22.0370 5560 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:32:22.0370 5560 volmgr - ok 15:32:22.0401 5560 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:32:22.0401 5560 volmgrx - ok 15:32:22.0432 5560 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:32:22.0463 5560 volsnap - ok 15:32:22.0494 5560 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:32:22.0494 5560 vsmraid - ok 15:32:22.0541 5560 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 15:32:22.0572 5560 VSS - ok 15:32:22.0588 5560 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:32:22.0619 5560 vwifibus - ok 15:32:22.0650 5560 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:32:22.0666 5560 vwififlt - ok 15:32:22.0697 5560 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 15:32:22.0713 5560 vwifimp - ok 15:32:22.0744 5560 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 15:32:22.0775 5560 W32Time - ok 15:32:22.0838 5560 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:32:22.0853 5560 WacomPen - ok 15:32:22.0884 5560 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:32:22.0931 5560 WANARP - ok 15:32:22.0931 5560 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:32:22.0947 5560 Wanarpv6 - ok 15:32:23.0040 5560 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:32:23.0072 5560 
WatAdminSvc - ok 15:32:23.0103 5560 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 15:32:23.0165 5560 wbengine - ok 15:32:23.0181 5560 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:32:23.0196 5560 WbioSrvc - ok 15:32:23.0228 5560 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:32:23.0259 5560 wcncsvc - ok 15:32:23.0274 5560 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:32:23.0321 5560 WcsPlugInService - ok 15:32:23.0337 5560 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:32:23.0337 5560 Wd - ok 15:32:23.0384 5560 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:32:23.0399 5560 Wdf01000 - ok 15:32:23.0415 5560 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:32:23.0430 5560 WdiServiceHost - ok 15:32:23.0430 5560 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:32:23.0446 5560 WdiSystemHost - ok 15:32:23.0493 5560 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 15:32:23.0524 5560 WebClient - ok 15:32:23.0540 5560 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:32:23.0571 5560 Wecsvc - ok 15:32:23.0586 5560 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:32:23.0664 5560 wercplsupport - ok 15:32:23.0711 5560 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 15:32:23.0742 5560 WerSvc - ok 15:32:23.0774 5560 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:32:23.0789 5560 WfpLwf - ok 15:32:23.0820 5560 [ 97D0D27A87622154BC90B92D84FD91B5 ] whfltr2k C:\Windows\system32\DRIVERS\whfltr2k.sys 15:32:23.0852 5560 whfltr2k - ok 15:32:23.0852 5560 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount 
C:\Windows\system32\drivers\wimmount.sys 15:32:23.0867 5560 WIMMount - ok 15:32:23.0945 5560 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:32:24.0008 5560 WinDefend - ok 15:32:24.0023 5560 WinHttpAutoProxySvc - ok 15:32:24.0086 5560 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:32:24.0117 5560 Winmgmt - ok 15:32:24.0164 5560 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 15:32:24.0210 5560 WinRM - ok 15:32:24.0273 5560 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:32:24.0304 5560 WinUsb - ok 15:32:24.0335 5560 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:32:24.0366 5560 Wlansvc - ok 15:32:24.0444 5560 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:32:24.0476 5560 wlidsvc - ok 15:32:24.0507 5560 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:32:24.0522 5560 WmiAcpi - ok 15:32:24.0569 5560 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:32:24.0600 5560 wmiApSrv - ok 15:32:24.0694 5560 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:32:24.0803 5560 WMPNetworkSvc - ok 15:32:24.0819 5560 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:32:24.0866 5560 WPCSvc - ok 15:32:24.0897 5560 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:32:24.0928 5560 WPDBusEnum - ok 15:32:24.0959 5560 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:32:24.0990 5560 ws2ifsl - ok 15:32:25.0006 5560 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 15:32:25.0037 5560 wscsvc - ok 15:32:25.0068 5560 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice 
C:\Windows\system32\DRIVERS\WSDPrint.sys 15:32:25.0100 5560 WSDPrintDevice - ok 15:32:25.0115 5560 WSearch - ok 15:32:25.0178 5560 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:32:25.0209 5560 wuauserv - ok 15:32:25.0240 5560 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:32:25.0256 5560 WudfPf - ok 15:32:25.0287 5560 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:32:25.0287 5560 WUDFRd - ok 15:32:25.0318 5560 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:32:25.0334 5560 wudfsvc - ok 15:32:25.0381 5560 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 15:32:25.0427 5560 WwanSvc - ok 15:32:25.0490 5560 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe 15:32:25.0521 5560 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning 15:32:25.0521 5560 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1) 15:32:25.0568 5560 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 15:32:25.0599 5560 yukonw7 - ok 15:32:25.0615 5560 ================ Scan global =============================== 15:32:25.0646 5560 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 15:32:25.0708 5560 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll 15:32:25.0708 5560 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll 15:32:25.0739 5560 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 15:32:25.0786 5560 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 15:32:25.0786 5560 [Global] - ok 15:32:25.0786 5560 ================ Scan MBR ================================== 15:32:25.0786 5560 [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk0\DR0 15:32:25.0786 5560 Suspicious mbr (Forged): \Device\Harddisk0\DR0 15:32:25.0817 5560 
\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected 15:32:25.0817 5560 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0) 15:32:26.0067 5560 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 15:32:26.0145 5560 \Device\Harddisk1\DR1 - ok 15:32:26.0145 5560 ================ Scan VBR ================================== 15:32:26.0145 5560 [ 176CCCED258793EB0515A1556FCF4D4E ] \Device\Harddisk0\DR0\Partition1 15:32:26.0145 5560 \Device\Harddisk0\DR0\Partition1 - ok 15:32:26.0161 5560 [ 99DB586DE5E460111791F5A3EA547FCD ] \Device\Harddisk1\DR1\Partition1 15:32:26.0161 5560 \Device\Harddisk1\DR1\Partition1 - ok 15:32:26.0161 5560 ============================================================ 15:32:26.0161 5560 Scan finished 15:32:26.0161 5560 ============================================================ 15:32:26.0161 5372 Detected object count: 8 15:32:26.0161 5372 Actual detected object count: 8 15:33:52.0245 5372 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 Yontoo Desktop Updater ( 
UnsignedFile.Multi.Generic ) - skipped by user 15:33:52.0245 5372 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:33:52.0245 5372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user 15:33:52.0245 5372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip |
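As an added example (not code from the thread or from TDSSKiller itself), a small Python triage script for scan logs of the kind posted above: it folds the per-object lines into findings, ranks a forged or infected MBR above the generic unsigned-file warnings, and refuses to call the boot sectors clean when a log contains no MBR/VBR result lines at all (a log that stops after initialisation proves nothing). The line format is assumed from the log above; the sample lines are constructed after it and reuse its names and hashes.

```python
"""Triage helper for TDSSKiller scan logs (added example, not code from the thread).
Lines are "<hh:mm:ss.ffff> <pid> <body>"; the body is a hashed object ("[ MD5 ] name path"),
a verdict ("name ( signature ) - infected"), "name - detected signature (n)", or a user action."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)(?: (?P<path>[A-Za-z]:\\\S.*))?$")
SUSPICIOUS_RE = re.compile(r"^Suspicious mbr \((?P<why>[^)]+)\): (?P<name>.+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - "
                       r"(?:User select action: (?P<action>.+)|skipped by user)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<sig>[^)]+) \))? - (?P<verdict>ok|warning|infected)$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    signature: Optional[str] = None
    verdict: str = "unknown"        # ok / warning / infected, as TDSSKiller prints it
    note: Optional[str] = None      # e.g. "Forged" from "Suspicious mbr (Forged)"
    action: Optional[str] = None    # what the user picked in the dialog, if logged

    @property
    def severity(self) -> str:
        # A forged or infected boot sector is the result that decides the case.
        if self.verdict == "infected" or self.note or (self.signature or "").startswith("Rootkit."):
            return "critical"
        # Unsigned-file hits are a heuristic: check vendor and path, do not treat them as malware.
        if self.signature == "UnsignedFile.Multi.Generic":
            return "info"
        return "medium" if self.verdict == "warning" else "none"


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Fold every line about one object (service, driver, disk) into a single Finding."""
    findings: Dict[str, Finding] = {}

    def entry(name: str) -> Finding:
        return findings.setdefault(name, Finding(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                       # blank lines or text without the timestamp prefix
            continue
        body = m["body"]
        if (x := SUSPICIOUS_RE.match(body)):
            entry(x["name"]).note = x["why"]
        elif (x := DETECTED_RE.match(body)):
            entry(x["name"]).signature = x["sig"]
        elif (x := ACTION_RE.match(body)):
            f = entry(x["name"])
            f.signature, f.action = x["sig"] or f.signature, x["action"] or "Skip"
        elif (x := VERDICT_RE.match(body)):
            f = entry(x["name"])
            f.signature, f.verdict = x["sig"] or f.signature, x["verdict"]
        elif (x := HASHED_RE.match(body)):
            f = entry(x["name"])
            f.md5, f.path = x["md5"], x["path"]
    return findings


def triage(findings: Dict[str, Finding]) -> List[Finding]:
    """Findings an analyst should look at, most severe first."""
    rank = {"critical": 0, "medium": 1, "info": 2}
    return sorted((f for f in findings.values() if f.severity in rank),
                  key=lambda f: (rank[f.severity], f.name))


def boot_sectors_clean(findings: Dict[str, Finding]) -> bool:
    """True only if the log has MBR/VBR results and none is forged or infected; a log that
    stops after initialisation has no disk entries and so proves nothing about the boot sectors."""
    disks = [f for f in findings.values() if f.name.startswith(r"\Device\Harddisk")]
    return bool(disks) and all(f.verdict == "ok" and f.note is None for f in disks)


# Constructed sample: the tail of a first scan, modelled on the log quoted above.
SAMPLE_BEFORE = r"""
15:32:25.0490 5560 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
15:32:25.0521 5560 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:32:25.0786 5560 ================ Scan MBR ==================================
15:32:25.0786 5560 [ 3DFBD33517922022AAB2367021B4BBEC ] \Device\Harddisk0\DR0
15:32:25.0786 5560 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:32:25.0817 5560 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
15:32:25.0817 5560 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
15:32:26.0145 5560 \Device\Harddisk1\DR1 - ok
15:33:52.0245 5372 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:33:52.0245 5372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
"""

# Constructed sample: the MBR result lines of a clean re-scan (hashes omitted on purpose).
SAMPLE_AFTER = r"""
17:49:26.0118 1328 \Device\Harddisk0\DR0 - ok
17:49:26.0118 1328 \Device\Harddisk1\DR1 - ok
"""
```

Run `triage(parse_tdsskiller(SAMPLE_BEFORE))` to get the forged MBR first and the unsigned-file hits after it; `boot_sectors_clean` returns False for a log that has no MBR section, so a re-scan log has to be posted in full before the disk is declared clean.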
21.09.2013, 15:21 | #4 |
/// TB-Ausbilder | Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\' OK, then: please start TDSSKiller.exe. Vista and Win7 users: right-click and choose "Run as administrator".
__________________ cheers, Leo |
22.09.2013, 16:36 | #5 |
| Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\' OK, done! Avira has not complained since the reboot! Here is the logfile: Code:
ATTFilter 17:28:16.0038 2348 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:28:16.0724 2348 ============================================================ 17:28:16.0724 2348 Current date / time: 2013/09/22 17:28:16.0724 17:28:16.0724 2348 SystemInfo: 17:28:16.0724 2348 17:28:16.0724 2348 OS Version: 6.1.7601 ServicePack: 1.0 17:28:16.0724 2348 Product type: Workstation 17:28:16.0724 2348 ComputerName: SAMY 17:28:16.0724 2348 UserName: marc19 17:28:16.0724 2348 Windows directory: C:\Windows 17:28:16.0724 2348 System windows directory: C:\Windows 17:28:16.0724 2348 Processor architecture: Intel x86 17:28:16.0724 2348 Number of processors: 2 17:28:16.0724 2348 Page size: 0x1000 17:28:16.0724 2348 Boot type: Normal boot 17:28:16.0724 2348 ============================================================ 17:28:40.0990 2348 BG loaded 17:28:43.0409 2348 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:28:43.0409 2348 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:28:43.0471 2348 ============================================================ 17:28:43.0471 2348 \Device\Harddisk0\DR0: 17:28:43.0487 2348 MBR partitions: 17:28:43.0487 2348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 17:28:43.0487 2348 \Device\Harddisk1\DR1: 17:28:43.0705 2348 MBR partitions: 17:28:43.0705 2348 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800 17:28:43.0705 2348 ============================================================ 17:28:43.0752 2348 C: <-> \Device\Harddisk0\DR0\Partition1 17:28:43.0783 2348 Z: <-> \Device\Harddisk1\DR1\Partition1 17:28:43.0783 2348 ============================================================ 17:28:43.0783 2348 Initialize success 
17:28:43.0783 2348 ============================================================ 17:29:09.0741 3112 Deinitialize success |
22.09.2013, 16:38 | #6 |
/// TB-Ausbilder | Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\' That shows too little. Could you please run another TDSSKiller scan log and post it?
22.09.2013, 16:51 | #7 |
| Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\' Certainly! Code:
ATTFilter 17:49:10.0439 1696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:49:10.0616 1696 ============================================================ 17:49:10.0616 1696 Current date / time: 2013/09/22 17:49:10.0616 17:49:10.0616 1696 SystemInfo: 17:49:10.0616 1696 17:49:10.0616 1696 OS Version: 6.1.7601 ServicePack: 1.0 17:49:10.0616 1696 Product type: Workstation 17:49:10.0616 1696 ComputerName: SAMY 17:49:10.0616 1696 UserName: marc19 17:49:10.0616 1696 Windows directory: C:\Windows 17:49:10.0616 1696 System windows directory: C:\Windows 17:49:10.0616 1696 Processor architecture: Intel x86 17:49:10.0616 1696 Number of processors: 2 17:49:10.0616 1696 Page size: 0x1000 17:49:10.0616 1696 Boot type: Normal boot 17:49:10.0616 1696 ============================================================ 17:49:12.0124 1696 BG loaded 17:49:12.0448 1696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:49:12.0448 1696 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:49:12.0518 1696 ============================================================ 17:49:12.0518 1696 \Device\Harddisk0\DR0: 17:49:12.0518 1696 MBR partitions: 17:49:12.0518 1696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 17:49:12.0518 1696 \Device\Harddisk1\DR1: 17:49:12.0518 1696 MBR partitions: 17:49:12.0518 1696 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800 17:49:12.0518 1696 ============================================================ 17:49:12.0600 1696 C: <-> \Device\Harddisk0\DR0\Partition1 17:49:12.0600 1696 Z: <-> \Device\Harddisk1\DR1\Partition1 17:49:12.0600 1696 ============================================================ 17:49:12.0600 1696 Initialize success 
17:49:12.0600 1696 ============================================================ 17:49:26.0118 1328 ============================================================ 17:49:26.0118 1328 Scan started 17:49:26.0118 1328 Mode: Manual; SigCheck; TDLFS; 17:49:26.0118 1328 ============================================================ 17:49:29.0778 1328 ================ Scan system memory ======================== 17:49:29.0778 1328 System memory - ok 17:49:29.0778 1328 ================ Scan services ============================= 17:49:29.0938 1328 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 17:49:30.0508 1328 !SASCORE ( UnsignedFile.Multi.Generic ) - warning 17:49:30.0508 1328 !SASCORE - detected UnsignedFile.Multi.Generic (1) 17:49:30.0958 1328 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:49:30.0978 1328 1394ohci - ok 17:49:31.0028 1328 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:49:31.0058 1328 ACPI - ok 17:49:31.0098 1328 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:49:31.0138 1328 AcpiPmi - ok 17:49:31.0268 1328 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 17:49:31.0278 1328 AdobeARMservice - ok 17:49:31.0418 1328 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:49:31.0438 1328 AdobeFlashPlayerUpdateSvc - ok 17:49:31.0538 1328 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:49:31.0568 1328 adp94xx - ok 17:49:31.0588 1328 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:49:31.0598 1328 adpahci - ok 17:49:31.0638 1328 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:49:31.0648 1328 adpu320 - ok 17:49:31.0678 1328 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] 
AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:49:31.0728 1328 AeLookupSvc - ok 17:49:31.0798 1328 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 17:49:31.0858 1328 AFD - ok 17:49:31.0888 1328 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 17:49:31.0908 1328 agp440 - ok 17:49:31.0928 1328 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 17:49:31.0938 1328 aic78xx - ok 17:49:31.0998 1328 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 17:49:32.0068 1328 ALG - ok 17:49:32.0118 1328 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 17:49:32.0138 1328 aliide - ok 17:49:32.0158 1328 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:49:32.0178 1328 amdagp - ok 17:49:32.0198 1328 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 17:49:32.0208 1328 amdide - ok 17:49:32.0248 1328 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:49:32.0288 1328 AmdK8 - ok 17:49:32.0308 1328 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:49:32.0348 1328 AmdPPM - ok 17:49:32.0408 1328 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:49:32.0418 1328 amdsata - ok 17:49:32.0468 1328 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:49:32.0488 1328 amdsbs - ok 17:49:32.0508 1328 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:49:32.0508 1328 amdxata - ok 17:49:32.0688 1328 [ 3EC77A3849350B40D2D9002BA560E554 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:49:32.0698 1328 AntiVirSchedulerService - ok 17:49:32.0758 1328 [ 1D6D44493488923CF6E82339E189EAD6 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:49:32.0768 1328 AntiVirService - ok 
17:49:32.0818 1328 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 17:49:32.0858 1328 AppID - ok 17:49:32.0919 1328 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:49:32.0989 1328 AppIDSvc - ok 17:49:33.0059 1328 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 17:49:33.0149 1328 Appinfo - ok 17:49:33.0239 1328 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:49:33.0249 1328 Apple Mobile Device - ok 17:49:33.0299 1328 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 17:49:33.0309 1328 arc - ok 17:49:33.0319 1328 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:49:33.0339 1328 arcsas - ok 17:49:33.0469 1328 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:49:33.0479 1328 aspnet_state - ok 17:49:33.0519 1328 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:49:33.0559 1328 AsyncMac - ok 17:49:33.0579 1328 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 17:49:33.0589 1328 atapi - ok 17:49:33.0729 1328 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:49:33.0779 1328 AudioEndpointBuilder - ok 17:49:33.0939 1328 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:49:33.0969 1328 Audiosrv - ok 17:49:34.0009 1328 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys 17:49:34.0029 1328 AVGIDSHX - ok 17:49:34.0049 1328 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys 17:49:34.0059 1328 Avglogx - ok 17:49:34.0109 1328 [ 40A34E457431625086F7E161E59A0528 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:49:34.0119 1328 avgntflt - ok 
17:49:34.0149 1328 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys 17:49:34.0159 1328 Avgtdix - ok 17:49:34.0249 1328 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe 17:49:34.0269 1328 avgwd - ok 17:49:34.0309 1328 [ F260F2EE3D21D00BEC0B08068E27BADB ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:49:34.0319 1328 avipbb - ok 17:49:34.0349 1328 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:49:34.0419 1328 avkmgr - ok 17:49:34.0519 1328 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:49:34.0559 1328 AxInstSV - ok 17:49:34.0649 1328 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 17:49:34.0709 1328 b06bdrv - ok 17:49:34.0729 1328 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 17:49:34.0759 1328 b57nd60x - ok 17:49:35.0159 1328 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 17:49:35.0209 1328 BDESVC - ok 17:49:35.0249 1328 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 17:49:35.0269 1328 Beep - ok 17:49:35.0309 1328 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 17:49:35.0359 1328 BFE - ok 17:49:35.0419 1328 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 17:49:35.0479 1328 BITS - ok 17:49:35.0489 1328 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:49:35.0519 1328 blbdrive - ok 17:49:35.0679 1328 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:49:35.0699 1328 Bonjour Service - ok 17:49:35.0769 1328 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:49:35.0819 1328 bowser - ok 17:49:35.0849 1328 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:49:35.0899 1328 BrFiltLo - ok 
17:49:35.0949 1328 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:49:35.0989 1328 BrFiltUp - ok 17:49:36.0059 1328 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 17:49:36.0089 1328 Browser - ok 17:49:36.0179 1328 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:49:36.0249 1328 Brserid - ok 17:49:36.0269 1328 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:49:36.0299 1328 BrSerWdm - ok 17:49:36.0369 1328 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:49:36.0399 1328 BrUsbMdm - ok 17:49:36.0429 1328 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:49:36.0469 1328 BrUsbSer - ok 17:49:36.0489 1328 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:49:36.0519 1328 BTHMODEM - ok 17:49:36.0579 1328 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 17:49:36.0619 1328 bthserv - ok 17:49:36.0699 1328 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:49:36.0739 1328 cdfs - ok 17:49:36.0799 1328 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:49:36.0849 1328 cdrom - ok 17:49:36.0899 1328 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 17:49:36.0939 1328 CertPropSvc - ok 17:49:36.0959 1328 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:49:36.0979 1328 circlass - ok 17:49:37.0129 1328 [ B53F9635457B56DCFFEF750E18AEC6CB ] CLEDX C:\Windows\system32\DRIVERS\cledx.sys 17:49:37.0149 1328 CLEDX ( UnsignedFile.Multi.Generic ) - warning 17:49:37.0149 1328 CLEDX - detected UnsignedFile.Multi.Generic (1) 17:49:37.0189 1328 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 17:49:37.0199 1328 CLFS - ok 17:49:37.0249 1328 [ 
D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:49:37.0259 1328 clr_optimization_v2.0.50727_32 - ok 17:49:37.0359 1328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:49:37.0369 1328 clr_optimization_v4.0.30319_32 - ok 17:49:37.0379 1328 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:49:37.0389 1328 CmBatt - ok 17:49:37.0409 1328 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:49:37.0419 1328 cmdide - ok 17:49:37.0459 1328 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 17:49:37.0479 1328 CNG - ok 17:49:37.0489 1328 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:49:37.0509 1328 Compbatt - ok 17:49:37.0539 1328 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:49:37.0559 1328 CompositeBus - ok 17:49:37.0579 1328 COMSysApp - ok 17:49:37.0599 1328 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:49:37.0609 1328 crcdisk - ok 17:49:37.0649 1328 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:49:37.0699 1328 CryptSvc - ok 17:49:37.0779 1328 [ 734BBE7C66E6FD6047A1BD29B9343B30 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 17:49:37.0789 1328 dc3d - ok 17:49:37.0849 1328 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 17:49:37.0889 1328 DcomLaunch - ok 17:49:37.0920 1328 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 17:49:37.0960 1328 defragsvc - ok 17:49:38.0230 1328 [ D17845A5385BFCB838CDC532AF5E3E47 ] DevoloNetworkService C:\Program Files\devolo\dlan\devolonetsvc.exe 17:49:38.0928 1328 DevoloNetworkService - ok 17:49:38.0981 1328 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC 
C:\Windows\system32\Drivers\dfsc.sys 17:49:39.0036 1328 DfsC - ok 17:49:39.0088 1328 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:49:39.0292 1328 Dhcp - ok 17:49:39.0342 1328 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 17:49:39.0382 1328 discache - ok 17:49:39.0432 1328 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:49:39.0442 1328 Disk - ok 17:49:39.0482 1328 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:49:39.0492 1328 Dnscache - ok 17:49:39.0532 1328 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 17:49:39.0572 1328 dot3svc - ok 17:49:39.0602 1328 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 17:49:39.0632 1328 DPS - ok 17:49:39.0672 1328 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:49:39.0702 1328 drmkaud - ok 17:49:39.0762 1328 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 17:49:39.0772 1328 dtsoftbus01 - ok 17:49:39.0872 1328 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:49:39.0892 1328 DXGKrnl - ok 17:49:39.0942 1328 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 17:49:39.0972 1328 EapHost - ok 17:49:40.0082 1328 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 17:49:40.0132 1328 ebdrv - ok 17:49:40.0164 1328 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 17:49:40.0204 1328 EFS - ok 17:49:40.0264 1328 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:49:40.0294 1328 ehRecvr - ok 17:49:40.0324 1328 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 17:49:40.0374 1328 ehSched - ok 17:49:40.0534 1328 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:49:40.0564 1328 
elxstor - ok 17:49:40.0604 1328 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:49:40.0624 1328 ErrDev - ok 17:49:40.0694 1328 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 17:49:40.0764 1328 EventSystem - ok 17:49:40.0784 1328 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 17:49:40.0846 1328 exfat - ok 17:49:40.0866 1328 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:49:40.0916 1328 fastfat - ok 17:49:40.0976 1328 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 17:49:41.0016 1328 Fax - ok 17:49:41.0026 1328 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:49:41.0056 1328 fdc - ok 17:49:41.0096 1328 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 17:49:41.0146 1328 fdPHost - ok 17:49:41.0166 1328 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 17:49:41.0206 1328 FDResPub - ok 17:49:41.0226 1328 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:49:41.0236 1328 FileInfo - ok 17:49:41.0246 1328 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:49:41.0291 1328 Filetrace - ok 17:49:41.0302 1328 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:49:41.0328 1328 flpydisk - ok 17:49:41.0358 1328 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:49:41.0378 1328 FltMgr - ok 17:49:41.0432 1328 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 17:49:41.0460 1328 FontCache - ok 17:49:41.0550 1328 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:49:41.0570 1328 FontCache3.0.0.0 - ok 17:49:41.0580 1328 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends 
C:\Windows\system32\drivers\FsDepends.sys 17:49:41.0590 1328 FsDepends - ok 17:49:41.0646 1328 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:49:41.0662 1328 Fs_Rec - ok 17:49:41.0732 1328 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:49:41.0742 1328 fvevol - ok 17:49:41.0772 1328 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:49:41.0782 1328 gagp30kx - ok 17:49:41.0832 1328 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:49:41.0842 1328 GEARAspiWDM - ok 17:49:41.0882 1328 [ FD7E9ABA274DF75E08320420B8E9A1D5 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll 17:49:41.0892 1328 getPlusHelper - ok 17:49:41.0982 1328 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 17:49:42.0049 1328 gpsvc - ok 17:49:42.0070 1328 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:49:42.0124 1328 hcw85cir - ok 17:49:42.0184 1328 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:49:42.0407 1328 HdAudAddService - ok 17:49:42.0428 1328 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:49:42.0474 1328 HDAudBus - ok 17:49:42.0504 1328 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:49:42.0699 1328 HidBatt - ok 17:49:42.0721 1328 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:49:42.0976 1328 HidBth - ok 17:49:42.0996 1328 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:49:43.0036 1328 HidIr - ok 17:49:43.0066 1328 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 17:49:43.0116 1328 hidserv - ok 17:49:43.0156 1328 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:49:43.0176 1328 HidUsb - ok 
17:49:43.0206 1328 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:49:43.0246 1328 hkmsvc - ok 17:49:43.0276 1328 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:49:43.0316 1328 HomeGroupListener - ok 17:49:43.0336 1328 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:49:43.0366 1328 HomeGroupProvider - ok 17:49:43.0396 1328 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:49:43.0406 1328 HpSAMD - ok 17:49:43.0516 1328 [ 9D23402D305869844BC6004A05CC74BA ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 17:49:43.0806 1328 HPSLPSVC - ok 17:49:43.0848 1328 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:49:43.0878 1328 HTTP - ok 17:49:43.0910 1328 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:49:43.0930 1328 hwpolicy - ok 17:49:43.0982 1328 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:49:44.0012 1328 i8042prt - ok 17:49:44.0042 1328 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:49:44.0095 1328 iaStorV - ok 17:49:44.0146 1328 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:49:44.0239 1328 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:49:44.0239 1328 IDriverT - detected UnsignedFile.Multi.Generic (1) 17:49:44.0294 1328 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:49:44.0329 1328 idsvc - ok 17:49:44.0366 1328 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:49:44.0376 1328 iirsp - ok 17:49:44.0426 1328 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 17:49:44.0466 1328 IKEEXT - ok 17:49:44.0496 1328 [ 
A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 17:49:44.0506 1328 intelide - ok 17:49:44.0526 1328 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:49:44.0556 1328 intelppm - ok 17:49:44.0596 1328 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:49:44.0646 1328 IPBusEnum - ok 17:49:44.0666 1328 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:49:44.0696 1328 IpFilterDriver - ok 17:49:44.0736 1328 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:49:44.0766 1328 iphlpsvc - ok 17:49:44.0786 1328 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:49:44.0816 1328 IPMIDRV - ok 17:49:44.0836 1328 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:49:44.0866 1328 IPNAT - ok 17:49:44.0926 1328 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:49:44.0936 1328 iPod Service - ok 17:49:44.0966 1328 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:49:44.0976 1328 IRENUM - ok 17:49:45.0006 1328 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:49:45.0026 1328 isapnp - ok 17:49:45.0046 1328 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:49:45.0066 1328 iScsiPrt - ok 17:49:45.0076 1328 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:49:45.0086 1328 kbdclass - ok 17:49:45.0116 1328 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:49:45.0136 1328 kbdhid - ok 17:49:45.0156 1328 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 17:49:45.0166 1328 KeyIso - ok 17:49:45.0206 1328 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 
17:49:45.0216 1328 KSecDD - ok 17:49:45.0236 1328 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:49:45.0256 1328 KSecPkg - ok 17:49:45.0286 1328 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 17:49:45.0326 1328 KtmRm - ok 17:49:45.0346 1328 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 17:49:45.0386 1328 LanmanServer - ok 17:49:45.0416 1328 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:49:45.0446 1328 LanmanWorkstation - ok 17:49:45.0496 1328 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 17:49:45.0506 1328 LGBusEnum - ok 17:49:45.0516 1328 [ 8DC67B636F393DF1B93E5445485427C5 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 17:49:45.0526 1328 LGSHidFilt - ok 17:49:45.0556 1328 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 17:49:45.0566 1328 LGVirHid - ok 17:49:45.0616 1328 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:49:45.0656 1328 lltdio - ok 17:49:45.0686 1328 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:49:45.0736 1328 lltdsvc - ok 17:49:45.0756 1328 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 17:49:45.0786 1328 lmhosts - ok 17:49:45.0886 1328 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:49:45.0916 1328 LSI_FC - ok 17:49:45.0936 1328 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:49:45.0956 1328 LSI_SAS - ok 17:49:46.0006 1328 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:49:46.0016 1328 LSI_SAS2 - ok 17:49:46.0036 1328 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:49:46.0066 1328 LSI_SCSI - ok 17:49:46.0086 1328 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv 
C:\Windows\system32\drivers\luafv.sys 17:49:46.0106 1328 luafv - ok 17:49:46.0176 1328 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys 17:49:46.0186 1328 LVRS - ok 17:49:46.0446 1328 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys 17:49:46.0566 1328 LVUVC - ok 17:49:46.0628 1328 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:49:46.0638 1328 MBAMProtector - ok 17:49:46.0748 1328 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:49:46.0758 1328 MBAMScheduler - ok 17:49:46.0828 1328 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 17:49:46.0848 1328 MBAMService - ok 17:49:46.0948 1328 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe 17:49:46.0968 1328 McComponentHostService - ok 17:49:47.0009 1328 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:49:47.0019 1328 Mcx2Svc - ok 17:49:47.0059 1328 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:49:47.0059 1328 megasas - ok 17:49:47.0089 1328 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:49:47.0099 1328 MegaSR - ok 17:49:47.0179 1328 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 17:49:47.0189 1328 Microsoft Office Groove Audit Service - ok 17:49:47.0219 1328 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 17:49:47.0279 1328 MMCSS - ok 17:49:47.0300 1328 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 17:49:47.0321 1328 Modem - ok 17:49:47.0361 1328 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:49:47.0381 1328 monitor - ok 
17:49:47.0411 1328 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:49:47.0421 1328 mouclass - ok 17:49:47.0431 1328 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:49:47.0441 1328 mouhid - ok 17:49:47.0481 1328 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:49:47.0491 1328 mountmgr - ok 17:49:47.0551 1328 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:49:47.0561 1328 MozillaMaintenance - ok 17:49:47.0641 1328 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 17:49:47.0651 1328 MpFilter - ok 17:49:47.0671 1328 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 17:49:47.0691 1328 mpio - ok 17:49:47.0701 1328 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:49:47.0741 1328 mpsdrv - ok 17:49:47.0791 1328 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:49:47.0841 1328 MpsSvc - ok 17:49:47.0861 1328 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:49:47.0891 1328 MRxDAV - ok 17:49:47.0931 1328 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:49:47.0981 1328 mrxsmb - ok 17:49:48.0011 1328 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:49:48.0041 1328 mrxsmb10 - ok 17:49:48.0061 1328 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:49:48.0081 1328 mrxsmb20 - ok 17:49:48.0131 1328 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 17:49:48.0141 1328 msahci - ok 17:49:48.0161 1328 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:49:48.0171 1328 msdsm - ok 17:49:48.0181 1328 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC 
C:\Windows\System32\msdtc.exe 17:49:48.0211 1328 MSDTC - ok 17:49:48.0251 1328 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:49:48.0281 1328 Msfs - ok 17:49:48.0291 1328 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:49:48.0331 1328 mshidkmdf - ok 17:49:48.0361 1328 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:49:48.0381 1328 msisadrv - ok 17:49:48.0421 1328 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:49:48.0461 1328 MSiSCSI - ok 17:49:48.0461 1328 msiserver - ok 17:49:48.0501 1328 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:49:48.0511 1328 MSKSSRV - ok 17:49:48.0591 1328 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 17:49:48.0601 1328 MsMpSvc - ok 17:49:48.0621 1328 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:49:48.0661 1328 MSPCLOCK - ok 17:49:48.0681 1328 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:49:48.0721 1328 MSPQM - ok 17:49:48.0741 1328 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:49:48.0751 1328 MsRPC - ok 17:49:48.0761 1328 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:49:48.0771 1328 mssmbios - ok 17:49:48.0781 1328 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:49:48.0801 1328 MSTEE - ok 17:49:48.0821 1328 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:49:48.0831 1328 MTConfig - ok 17:49:48.0861 1328 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 17:49:48.0871 1328 MTsensor - ok 17:49:48.0881 1328 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 17:49:48.0891 1328 Mup - ok 17:49:48.0921 
1328 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 17:49:48.0951 1328 napagent - ok 17:49:48.0981 1328 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:49:49.0001 1328 NativeWifiP - ok 17:49:49.0091 1328 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:49:49.0111 1328 NDIS - ok 17:49:49.0131 1328 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:49:49.0151 1328 NdisCap - ok 17:49:49.0191 1328 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:49:49.0231 1328 NdisTapi - ok 17:49:49.0261 1328 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:49:49.0301 1328 Ndisuio - ok 17:49:49.0331 1328 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:49:49.0351 1328 NdisWan - ok 17:49:49.0411 1328 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:49:49.0441 1328 NDProxy - ok 17:49:49.0491 1328 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:49:49.0511 1328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:49:49.0511 1328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:49:49.0531 1328 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:49:49.0571 1328 NetBIOS - ok 17:49:49.0611 1328 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:49:49.0641 1328 NetBT - ok 17:49:49.0671 1328 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 17:49:49.0681 1328 Netlogon - ok 17:49:49.0721 1328 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:49:49.0761 1328 Netman - ok 17:49:49.0811 1328 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:49:49.0861 1328 netprofm - ok 17:49:49.0911 1328 
[ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 17:49:49.0951 1328 netr28u - ok 17:49:49.0981 1328 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:49:49.0981 1328 NetTcpPortSharing - ok 17:49:50.0001 1328 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:49:50.0011 1328 nfrd960 - ok 17:49:50.0071 1328 [ C58DB40E4C95BE8EE727BE872BE6383F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 17:49:50.0081 1328 NisDrv - ok 17:49:50.0141 1328 [ CF6D9AB044DF22FB6ECCC3907DE9FD7A ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 17:49:50.0151 1328 NisSrv - ok 17:49:50.0191 1328 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 17:49:50.0201 1328 NlaSvc - ok 17:49:50.0221 1328 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:49:50.0241 1328 Npfs - ok 17:49:50.0281 1328 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys 17:49:50.0401 1328 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning 17:49:50.0401 1328 NPF_devolo - detected UnsignedFile.Multi.Generic (1) 17:49:50.0433 1328 npggsvc - ok 17:49:50.0463 1328 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:49:50.0483 1328 nsi - ok 17:49:50.0513 1328 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:49:50.0543 1328 nsiproxy - ok 17:49:50.0613 1328 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:49:50.0643 1328 Ntfs - ok 17:49:50.0663 1328 [ EF2B9A14EC5DD74ADE3417FAF1B45E16 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 17:49:50.0663 1328 NuidFltr - ok 17:49:50.0683 1328 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 17:49:50.0703 1328 Null - ok 17:49:50.0953 1328 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm 
C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:49:51.0103 1328 nvlddmkm - ok 17:49:51.0163 1328 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:49:51.0183 1328 nvraid - ok 17:49:51.0223 1328 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:49:51.0233 1328 nvstor - ok 17:49:51.0283 1328 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe 17:49:51.0313 1328 nvsvc - ok 17:49:51.0483 1328 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 17:49:51.0513 1328 nvUpdatusService - ok 17:49:51.0543 1328 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:49:51.0553 1328 nv_agp - ok 17:49:51.0613 1328 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:49:51.0633 1328 odserv - ok 17:49:51.0673 1328 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:49:51.0693 1328 ohci1394 - ok 17:49:51.0743 1328 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:49:51.0753 1328 ose - ok 17:49:51.0783 1328 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:49:51.0813 1328 p2pimsvc - ok 17:49:51.0843 1328 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:49:51.0863 1328 p2psvc - ok 17:49:51.0893 1328 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:49:51.0923 1328 Parport - ok 17:49:51.0953 1328 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:49:51.0963 1328 partmgr - ok 17:49:51.0983 1328 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:49:52.0003 1328 Parvdm - ok 17:49:52.0023 1328 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 
17:49:52.0033 1328 PcaSvc - ok 17:49:52.0063 1328 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 17:49:52.0073 1328 pci - ok 17:49:52.0093 1328 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:49:52.0103 1328 pciide - ok 17:49:52.0133 1328 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:49:52.0143 1328 pcmcia - ok 17:49:52.0163 1328 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:49:52.0183 1328 pcw - ok 17:49:52.0263 1328 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:49:52.0293 1328 PEAUTH - ok 17:49:52.0373 1328 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 17:49:52.0443 1328 pla - ok 17:49:52.0513 1328 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:49:52.0533 1328 PlugPlay - ok 17:49:52.0603 1328 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 17:49:52.0603 1328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:49:52.0603 1328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:49:52.0643 1328 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:49:52.0663 1328 PNRPAutoReg - ok 17:49:52.0693 1328 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:49:52.0703 1328 PNRPsvc - ok 17:49:52.0743 1328 [ 420336F91EB745811CF130C80EDE0653 ] Point32 C:\Windows\system32\DRIVERS\point32.sys 17:49:52.0753 1328 Point32 - ok 17:49:52.0763 1328 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:49:52.0803 1328 PolicyAgent - ok 17:49:52.0833 1328 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 17:49:52.0853 1328 Power - ok 17:49:52.0923 1328 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:49:52.0943 1328 PptpMiniport - ok 
17:49:52.0963 1328 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:49:52.0983 1328 Processor - ok 17:49:53.0033 1328 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 17:49:53.0073 1328 ProfSvc - ok 17:49:53.0083 1328 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:49:53.0093 1328 ProtectedStorage - ok 17:49:53.0173 1328 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:49:53.0213 1328 Psched - ok 17:49:53.0263 1328 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:49:53.0293 1328 ql2300 - ok 17:49:53.0323 1328 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:49:53.0333 1328 ql40xx - ok 17:49:53.0363 1328 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:49:53.0403 1328 QWAVE - ok 17:49:53.0423 1328 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:49:53.0433 1328 QWAVEdrv - ok 17:49:53.0453 1328 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:49:53.0483 1328 RasAcd - ok 17:49:53.0513 1328 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:49:53.0553 1328 RasAgileVpn - ok 17:49:53.0573 1328 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:49:53.0613 1328 RasAuto - ok 17:49:53.0650 1328 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:49:53.0685 1328 Rasl2tp - ok 17:49:53.0725 1328 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 17:49:53.0755 1328 RasMan - ok 17:49:53.0775 1328 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:49:53.0815 1328 RasPppoe - ok 17:49:53.0845 1328 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:49:53.0875 
1328 RasSstp - ok 17:49:53.0915 1328 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:49:53.0945 1328 rdbss - ok 17:49:53.0965 1328 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:49:53.0985 1328 rdpbus - ok 17:49:54.0005 1328 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:49:54.0035 1328 RDPCDD - ok 17:49:54.0075 1328 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:49:54.0105 1328 RDPENCDD - ok 17:49:54.0135 1328 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:49:54.0175 1328 RDPREFMP - ok 17:49:54.0265 1328 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:49:54.0345 1328 RdpVideoMiniport - ok 17:49:54.0385 1328 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:49:54.0435 1328 RDPWD - ok 17:49:54.0515 1328 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:49:54.0555 1328 rdyboost - ok 17:49:54.0585 1328 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 17:49:54.0605 1328 RemoteAccess - ok 17:49:54.0637 1328 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:49:54.0677 1328 RemoteRegistry - ok 17:49:54.0707 1328 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:49:54.0737 1328 RpcEptMapper - ok 17:49:54.0757 1328 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 17:49:54.0787 1328 RpcLocator - ok 17:49:54.0817 1328 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 17:49:54.0847 1328 RpcSs - ok 17:49:54.0898 1328 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:49:54.0939 1328 rspndr - ok 17:49:54.0949 1328 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs 
C:\Windows\system32\lsass.exe 17:49:54.0959 1328 SamSs - ok 17:49:55.0059 1328 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 17:49:55.0069 1328 SASDIFSV - ok 17:49:55.0089 1328 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 17:49:55.0099 1328 SASKUTIL - ok 17:49:55.0129 1328 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:49:55.0139 1328 sbp2port - ok 17:49:55.0169 1328 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:49:55.0189 1328 SCardSvr - ok 17:49:55.0229 1328 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:49:55.0279 1328 scfilter - ok 17:49:55.0369 1328 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 17:49:55.0429 1328 Schedule - ok 17:49:55.0479 1328 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:49:55.0489 1328 SCPolicySvc - ok 17:49:55.0549 1328 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:49:55.0579 1328 SDRSVC - ok 17:49:55.0629 1328 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:49:55.0659 1328 secdrv - ok 17:49:55.0699 1328 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 17:49:55.0729 1328 seclogon - ok 17:49:55.0789 1328 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 17:49:55.0829 1328 SENS - ok 17:49:55.0849 1328 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:49:55.0879 1328 SensrSvc - ok 17:49:55.0899 1328 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:49:55.0939 1328 Serenum - ok 17:49:55.0959 1328 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:49:55.0999 1328 Serial - ok 17:49:56.0029 1328 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse 
C:\Windows\system32\DRIVERS\sermouse.sys 17:49:56.0039 1328 sermouse - ok 17:49:56.0079 1328 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 17:49:56.0099 1328 SessionEnv - ok 17:49:56.0129 1328 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:49:56.0169 1328 sffdisk - ok 17:49:56.0179 1328 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:49:56.0209 1328 sffp_mmc - ok 17:49:56.0229 1328 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:49:56.0249 1328 sffp_sd - ok 17:49:56.0269 1328 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:49:56.0299 1328 sfloppy - ok 17:49:56.0339 1328 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:49:56.0379 1328 SharedAccess - ok 17:49:56.0419 1328 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:49:56.0459 1328 ShellHWDetection - ok 17:49:56.0479 1328 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:49:56.0489 1328 sisagp - ok 17:49:56.0519 1328 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:49:56.0529 1328 SiSRaid2 - ok 17:49:56.0539 1328 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:49:56.0549 1328 SiSRaid4 - ok 17:49:56.0559 1328 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:49:56.0579 1328 Smb - ok 17:49:56.0629 1328 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:49:56.0639 1328 SNMPTRAP - ok 17:49:56.0649 1328 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 17:49:56.0659 1328 spldr - ok 17:49:56.0709 1328 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 17:49:56.0759 1328 Spooler - ok 17:49:56.0899 1328 [ 
CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 17:49:56.0959 1328 sppsvc - ok 17:49:57.0019 1328 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:49:57.0059 1328 sppuinotify - ok 17:49:57.0089 1328 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:49:57.0119 1328 srv - ok 17:49:57.0129 1328 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:49:57.0159 1328 srv2 - ok 17:49:57.0189 1328 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:49:57.0199 1328 srvnet - ok 17:49:57.0229 1328 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:49:57.0269 1328 SSDPSRV - ok 17:49:57.0299 1328 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 17:49:57.0309 1328 ssmdrv - ok 17:49:57.0319 1328 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:49:57.0359 1328 SstpSvc - ok 17:49:57.0449 1328 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:49:57.0479 1328 Stereo Service - ok 17:49:57.0509 1328 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:49:57.0519 1328 stexstor - ok 17:49:57.0569 1328 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 17:49:57.0599 1328 StillCam - ok 17:49:57.0689 1328 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 17:49:57.0719 1328 StiSvc - ok 17:49:57.0749 1328 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 17:49:57.0759 1328 swenum - ok 17:49:57.0779 1328 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 17:49:57.0799 1328 swprv - ok 17:49:57.0839 1328 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 17:49:57.0879 1328 SysMain - ok 17:49:57.0899 1328 [ 
763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:49:57.0919 1328 TabletInputService - ok 17:49:57.0959 1328 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 17:49:57.0979 1328 TapiSrv - ok 17:49:58.0009 1328 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 17:49:58.0039 1328 TBS - ok 17:49:58.0119 1328 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:49:58.0159 1328 Tcpip - ok 17:49:58.0199 1328 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:49:58.0229 1328 TCPIP6 - ok 17:49:58.0249 1328 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:49:58.0269 1328 tcpipreg - ok 17:49:58.0299 1328 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:49:58.0339 1328 TDPIPE - ok 17:49:58.0389 1328 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:49:58.0409 1328 TDTCP - ok 17:49:58.0429 1328 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:49:58.0469 1328 tdx - ok 17:49:58.0509 1328 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:49:58.0529 1328 TermDD - ok 17:49:58.0569 1328 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 17:49:58.0599 1328 TermService - ok 17:49:58.0629 1328 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 17:49:58.0649 1328 Themes - ok 17:49:58.0659 1328 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 17:49:58.0679 1328 THREADORDER - ok 17:49:58.0709 1328 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 17:49:58.0749 1328 TrkWks - ok 17:49:58.0799 1328 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:49:58.0839 1328 TrustedInstaller - ok 17:49:58.0869 1328 [ 
B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:49:58.0899 1328 tssecsrv - ok 17:49:58.0929 1328 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:49:58.0939 1328 TsUsbFlt - ok 17:49:58.0979 1328 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:49:59.0009 1328 tunnel - ok 17:49:59.0039 1328 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:49:59.0049 1328 uagp35 - ok 17:49:59.0079 1328 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:49:59.0119 1328 udfs - ok 17:49:59.0149 1328 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:49:59.0189 1328 UI0Detect - ok 17:49:59.0229 1328 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:49:59.0239 1328 uliagpkx - ok 17:49:59.0259 1328 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:49:59.0269 1328 umbus - ok 17:49:59.0289 1328 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:49:59.0299 1328 UmPass - ok 17:49:59.0339 1328 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 17:49:59.0369 1328 upnphost - ok 17:49:59.0399 1328 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 17:49:59.0419 1328 USBAAPL - ok 17:49:59.0449 1328 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:49:59.0469 1328 usbaudio - ok 17:49:59.0509 1328 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:49:59.0559 1328 usbccgp - ok 17:49:59.0569 1328 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:49:59.0599 1328 usbcir - ok 17:49:59.0629 1328 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:49:59.0639 1328 usbehci - ok 
17:49:59.0679 1328 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:49:59.0709 1328 usbhub - ok 17:49:59.0729 1328 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:49:59.0749 1328 usbohci - ok 17:49:59.0769 1328 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:49:59.0799 1328 usbprint - ok 17:49:59.0829 1328 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:49:59.0849 1328 USBSTOR - ok 17:49:59.0889 1328 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:49:59.0899 1328 usbuhci - ok 17:49:59.0939 1328 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 17:49:59.0959 1328 UxSms - ok 17:49:59.0969 1328 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 17:49:59.0979 1328 VaultSvc - ok 17:49:59.0999 1328 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:50:00.0009 1328 vdrvroot - ok 17:50:00.0039 1328 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 17:50:00.0069 1328 vds - ok 17:50:00.0099 1328 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:50:00.0119 1328 vga - ok 17:50:00.0139 1328 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:50:00.0169 1328 VgaSave - ok 17:50:00.0209 1328 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:50:00.0229 1328 vhdmp - ok 17:50:00.0279 1328 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:50:00.0289 1328 viaagp - ok 17:50:00.0309 1328 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 17:50:00.0329 1328 ViaC7 - ok 17:50:00.0359 1328 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 17:50:00.0369 1328 viaide - ok 17:50:00.0389 1328 [ 
4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:50:00.0399 1328 volmgr - ok 17:50:00.0409 1328 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:50:00.0419 1328 volmgrx - ok 17:50:00.0459 1328 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:50:00.0469 1328 volsnap - ok 17:50:00.0509 1328 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:50:00.0529 1328 vsmraid - ok 17:50:00.0559 1328 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 17:50:00.0589 1328 VSS - ok 17:50:00.0599 1328 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:50:00.0609 1328 vwifibus - ok 17:50:00.0639 1328 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:50:00.0669 1328 vwififlt - ok 17:50:00.0689 1328 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:50:00.0699 1328 vwifimp - ok 17:50:00.0749 1328 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 17:50:00.0779 1328 W32Time - ok 17:50:00.0819 1328 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:50:00.0839 1328 WacomPen - ok 17:50:00.0889 1328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:50:00.0919 1328 WANARP - ok 17:50:00.0929 1328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:50:00.0949 1328 Wanarpv6 - ok 17:50:01.0009 1328 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:50:01.0039 1328 WatAdminSvc - ok 17:50:01.0079 1328 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 17:50:01.0139 1328 wbengine - ok 17:50:01.0149 1328 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:50:01.0159 1328 WbioSrvc - ok 
17:50:01.0199 1328 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:50:01.0229 1328 wcncsvc - ok
17:50:01.0249 1328 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:01.0349 1328 WcsPlugInService - ok
17:50:01.0359 1328 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:50:01.0369 1328 Wd - ok
17:50:01.0469 1328 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:50:01.0489 1328 Wdf01000 - ok
17:50:01.0519 1328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:50:01.0529 1328 WdiServiceHost - ok
17:50:01.0529 1328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:50:01.0539 1328 WdiSystemHost - ok
17:50:01.0579 1328 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
17:50:01.0609 1328 WebClient - ok
17:50:01.0629 1328 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:50:01.0649 1328 Wecsvc - ok
17:50:01.0669 1328 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:50:01.0719 1328 wercplsupport - ok
17:50:01.0769 1328 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:50:01.0809 1328 WerSvc - ok
17:50:01.0849 1328 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:01.0869 1328 WfpLwf - ok
17:50:01.0909 1328 [ 97D0D27A87622154BC90B92D84FD91B5 ] whfltr2k C:\Windows\system32\DRIVERS\whfltr2k.sys
17:50:01.0929 1328 whfltr2k - ok
17:50:01.0939 1328 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:50:01.0949 1328 WIMMount - ok
17:50:02.0020 1328 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:50:02.0080 1328 WinDefend - ok
17:50:02.0100 1328 WinHttpAutoProxySvc - ok
17:50:02.0180 1328 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:50:02.0210 1328 Winmgmt - ok
17:50:02.0340 1328 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
17:50:02.0390 1328 WinRM - ok
17:50:02.0460 1328 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:50:02.0490 1328 WinUsb - ok
17:50:02.0530 1328 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:50:02.0560 1328 Wlansvc - ok
17:50:02.0630 1328 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:50:02.0660 1328 wlidsvc - ok
17:50:02.0700 1328 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:50:02.0710 1328 WmiAcpi - ok
17:50:02.0750 1328 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:50:02.0770 1328 wmiApSrv - ok
17:50:02.0860 1328 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:50:02.0950 1328 WMPNetworkSvc - ok
17:50:02.0990 1328 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:50:03.0040 1328 WPCSvc - ok
17:50:03.0080 1328 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:50:03.0130 1328 WPDBusEnum - ok
17:50:03.0160 1328 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:03.0200 1328 ws2ifsl - ok
17:50:03.0220 1328 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
17:50:03.0250 1328 wscsvc - ok
17:50:03.0290 1328 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:50:03.0310 1328 WSDPrintDevice - ok
17:50:03.0330 1328 WSearch - ok
17:50:03.0410 1328 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:03.0440 1328 wuauserv - ok
17:50:03.0470 1328 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:50:03.0470 1328 WudfPf - ok
17:50:03.0520 1328 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:03.0530 1328 WUDFRd - ok
17:50:03.0580 1328 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:03.0610 1328 wudfsvc - ok
17:50:03.0640 1328 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:50:03.0690 1328 WwanSvc - ok
17:50:03.0750 1328 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
17:50:03.0770 1328 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
17:50:03.0770 1328 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
17:50:03.0810 1328 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
17:50:03.0840 1328 yukonw7 - ok
17:50:03.0840 1328 ================ Scan global ===============================
17:50:03.0880 1328 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:50:03.0910 1328 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
17:50:03.0920 1328 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
17:50:03.0950 1328 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:50:03.0970 1328 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:50:03.0970 1328 [Global] - ok
17:50:03.0970 1328 ================ Scan MBR ==================================
17:50:03.0990 1328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:05.0390 1328 \Device\Harddisk0\DR0 - ok
17:50:05.0390 1328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:50:05.0750 1328 \Device\Harddisk1\DR1 - ok
17:50:05.0750 1328 ================ Scan VBR ==================================
17:50:05.0790 1328 [ 176CCCED258793EB0515A1556FCF4D4E ] \Device\Harddisk0\DR0\Partition1
17:50:05.0790 1328 \Device\Harddisk0\DR0\Partition1 - ok
17:50:05.0790 1328 [ 99DB586DE5E460111791F5A3EA547FCD ] \Device\Harddisk1\DR1\Partition1
17:50:05.0790 1328 \Device\Harddisk1\DR1\Partition1 - ok
17:50:05.0790 1328 ============================================================
17:50:05.0790 1328 Scan finished
17:50:05.0790 1328 ============================================================
17:50:05.0800 4452 Detected object count: 7
17:50:05.0800 4452 Actual detected object count: 7
17:50:22.0571 4452 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 CLEDX ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 CLEDX ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:50:22.0571 4452 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
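A small parser for the TDSSKiller-style log above, added here as an example; it is not part of the original post and not TDSSKiller's own code. It records each scanned object with its hash and path, keeps every verdict that is not a plain `ok` (including the user's "skipped by user" decisions from the summary, which mean the flagged file is still on the machine), and returns the MBR/VBR hashes per device so they can be compared with hashes recorded while the system was known to be clean. The sample lines are constructed by copying a few records from the log above; the regex names, the `Report`/`ScanObject` types and the `services` section label are my own choices, not TDSSKiller terminology.

```python
"""Parse a TDSSKiller-style scan log for triage (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a few records copied in the format of the log posted above.
SAMPLE_LOG = r"""
17:50:03.0750 1328 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
17:50:03.0770 1328 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
17:50:03.0770 1328 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
17:50:03.0810 1328 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
17:50:03.0840 1328 yukonw7 - ok
17:50:03.0970 1328 ================ Scan MBR ==================================
17:50:03.0990 1328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:05.0390 1328 \Device\Harddisk0\DR0 - ok
17:50:05.0390 1328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:50:05.0750 1328 \Device\Harddisk1\DR1 - ok
17:50:05.0750 1328 ================ Scan VBR ==================================
17:50:05.0790 1328 [ 176CCCED258793EB0515A1556FCF4D4E ] \Device\Harddisk0\DR0\Partition1
17:50:05.0790 1328 \Device\Harddisk0\DR0\Partition1 - ok
17:50:05.0800 4452 Detected object count: 7
17:50:22.0571 4452 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:22.0571 4452 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every record is "<timestamp> <pid> <rest>"; the regexes below classify <rest>.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
SECTION_RE = re.compile(r"^=+ Scan (?P<section>\w+) =+$")
# "[ md5 ] name [path]": the path is optional (MBR/VBR records carry only a device name).
OBJECT_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)(?: (?P<path>[A-Za-z]:\\.*))?$")
# "name [( detection )] - verdict"
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    section: str                      # "services" (assumed label), "global", "MBR", "VBR", ...
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[Tuple[Optional[str], str]] = field(default_factory=list)  # (detection, verdict)


@dataclass
class Report:
    objects: Dict[str, ScanObject] = field(default_factory=dict)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    report = Report()
    section = "services"  # assumed label for everything before the first "Scan ..." banner
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        rest = m.group("rest")
        if (s := SECTION_RE.match(rest)):
            section = s.group("section")
        elif (o := OBJECT_RE.match(rest)):
            report.objects[o.group("name")] = ScanObject(
                name=o.group("name"), section=section, md5=o.group("md5"), path=o.group("path"))
        elif (c := COUNT_RE.match(rest)):
            report.detected_count = int(c.group("n"))
        elif (v := VERDICT_RE.match(rest)):
            obj = report.objects.get(v.group("name"))
            if obj is None:  # summary lines may name objects whose record is not in this excerpt
                obj = report.objects[v.group("name")] = ScanObject(name=v.group("name"), section="unknown")
            obj.verdicts.append((v.group("detection"), v.group("verdict")))
    return report


def triage(report: Report) -> List[dict]:
    """Everything that did not get a plain 'ok': warnings, detections and the
    user's decision about them. A skipped detection is still present on the box."""
    findings = []
    for obj in report.objects.values():
        bad = [(d, v) for d, v in obj.verdicts if v != "ok"]
        if bad:
            findings.append({"name": obj.name, "md5": obj.md5, "path": obj.path,
                             "detections": sorted({d for d, _ in bad if d}),
                             "verdicts": [v for _, v in bad]})
    return findings


def boot_sector_hashes(report: Report) -> Dict[str, Dict[str, str]]:
    """MBR and VBR hashes keyed by section, then device, for comparison against
    hashes recorded from the same machine (or image) while it was known clean."""
    out: Dict[str, Dict[str, str]] = {}
    for obj in report.objects.values():
        if obj.section in ("MBR", "VBR") and obj.md5:
            out.setdefault(obj.section, {})[obj.name] = obj.md5
    return out


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for finding in triage(rep):
        print(finding["name"], finding["md5"], finding["verdicts"])
    print(boot_sector_hashes(rep))
```

In the log above, TDSSKiller reports both disks' MBRs as `ok` while Avira flags the boot sector, which is exactly the situation where a hash taken from a known-clean install of the same Windows version is the most useful tie-breaker; the parser only makes that comparison easy, it does not decide it.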
22.09.2013, 16:56 | #8 |
/// TB-Ausbilder | OK, good. There are a few too many antivirus programs running on that machine (Avira, AVG, MSE). Uninstall all but one.
Step 1: Please download AdwCleaner to your desktop.
Step 2: Scan with Combofix.
Step 3: Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
22.09.2013, 18:24 | #9 |
| I have uninstalled the antivirus programs! Combofix does not create a log file, though. A Windows search and a restart did not help either. Here is the ADW log: Code:
# AdwCleaner v3.004 - Bericht erstellt am 22/09/2013 um 18:28:41
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : marc19 - SAMY
# Gestartet von : Z:\C\Users\stadelmann\Desktop\Trojaner\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Yontoo Desktop Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Bcool
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Gophoto.it
Ordner Gelöscht : C:\Program Files\HDvidCodec.com
Ordner Gelöscht : C:\Program Files\Movie2KDownloader.com
Ordner Gelöscht : C:\Program Files\Red Sky
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\Users\marc19\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\marc19\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\marc19\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\marc19\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\marc19\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\marc19\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\marc19\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Yontoo
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\jetpack
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\plugin@yontoo.com
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\gophoto@gophoto.it.xpi
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\hdvc@hdvc.com.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\funmoods.xml
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4f9d98986f6b2@4f9d98986f6b4.info]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhdfklgebmkhdelndmnpmmmealijpcoa
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Movie2KDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nero-burning-rom_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_nero-burning-rom_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskBarDis
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\prefs.js ]

Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.ClearSearchHistoryOnClose", "false");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.CurrentLanguageSelection", "English");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.CurrentNavigationSelection", "Current window");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.CurrentSearchEngineSelection", "US: United States of America");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.DisplayRecentSearches", "true");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.ShowButtonText2", "true");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.setupExtension", "true");
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.userEnable", true);
Zeile gelöscht : user_pref("DownTango4SToolbar_2938.global.userID", "b7532474452367422ace489a02e5bef1");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Funmoods");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Funmoods");
Zeile gelöscht : user_pref("extensions.4f9d98986f6b9.scode", "\n(function(){var bdomains={\"premiumreports.info\":1,\"search.babylon.com\":1,\"search.sweetim.com\":1,\"mystart.incredimail.com\":1,\"mystart.incredibar.[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 24);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.cntry", "CH");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "FC567FF8918F0FEF3C85F5B20D2F9D7F");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "24");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 24);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.223:34:34");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 58031449);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Zeile gelöscht : user_pref("extensions.funmoods.aflt", "nv2");
Zeile gelöscht : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Zeile gelöscht : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Zeile gelöscht : user_pref("extensions.funmoods.cntry", "CH");
Zeile gelöscht : user_pref("extensions.funmoods.cv", "cv5");
Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.funmoods.dfltlng", "en");
Zeile gelöscht : user_pref("extensions.funmoods.dfltsrch", true);
Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Zeile gelöscht : user_pref("extensions.funmoods.hdrMd5", "874592EBB87245ADA0725EF27BA8C2B3");
Zeile gelöscht : user_pref("extensions.funmoods.hmpg", true);
Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyEzytDyDyE0Ezy0F0EzytN0D0Tzu0CyEzytDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=732875162&[...]
Zeile gelöscht : user_pref("extensions.funmoods.hrdid", "001E8C49054E9FE9");
Zeile gelöscht : user_pref("extensions.funmoods.id", "001E8C49054E9FE9");
Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15829");
Zeile gelöscht : user_pref("extensions.funmoods.instlRef", "");
Zeile gelöscht : user_pref("extensions.funmoods.instlday", "15829");
Zeile gelöscht : user_pref("extensions.funmoods.instlref", "");
Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", "false");
Zeile gelöscht : user_pref("extensions.funmoods.keywordurl", "");
Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Zeile gelöscht : user_pref("extensions.funmoods.monitorreport", true);
Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyEzytDyDyE0Ezy0F0EzytN0D0Tzu0CyEzytDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=73287516[...]
Zeile gelöscht : user_pref("extensions.funmoods.newtab", "false");
Zeile gelöscht : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyEzytDyDyE0Ezy0F0EzytN0D0Tzu0CyEzytDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=73287516[...]
Zeile gelöscht : user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"197\",\"lastVrsn\":\"197\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.prtnrid", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.savedVrsnTs", "1");
Zeile gelöscht : user_pref("extensions.funmoods.sg", "none");
Zeile gelöscht : user_pref("extensions.funmoods.smplgrp", "free");
Zeile gelöscht : user_pref("extensions.funmoods.srch", "");
Zeile gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyEzytDyDyE0Ezy0F0EzytN0D0Tzu0CyEzytDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=732875[...]
Zeile gelöscht : user_pref("extensions.funmoods.tlbrid", "base");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=nv2&cd=2XzuyEtN2Y1L1QzutDtDtC0Ezz0CyEzytDyDyE0Ezy0F0EzytN0D0Tzu0CyEzytDtN1L2XzutBtFtBtFtCtFyDyByBtN1L1Czu1G2XtB&cr=732875[...]
Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
Zeile gelöscht : user_pref("extensions.funmoods.vrsnts", "");
Zeile gelöscht : user_pref("extensions.funmoods_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", false);
Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.022:42:54");
Zeile gelöscht : user_pref("extensions.incredibar.admin", false);
Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar.cntry", "CH");
Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Zeile gelöscht : user_pref("extensions.incredibar.did", "10650");
Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "95E468728EA7285B886AC428DE6385F4");
Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false);
Zeile gelöscht : user_pref("extensions.incredibar.id", "a0ce9fe9000000000000001e8c49054e");
Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.instlDay", "15460");
Zeile gelöscht : user_pref("extensions.incredibar.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1414:07:18");
Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Zeile gelöscht : user_pref("extensions.incredibar.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar.ppd", "27%5F4");
Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar.sg", "none");
Zeile gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQvXC98R0&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6PQvXC98R0");
Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92542804044753774");
Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1414:07:18");
Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10650");
Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.id", "a0ce9fe9000000000000001e8c49054e");
Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15460");
Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "27%5F4");
Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQvXC98R0&loc=IB_TB&i=26&search=");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6PQvXC98R0");
Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92542804044753774");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1414:07:18");
Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,brain/default2,easyinline/dock,superfish,superfishgoogleeil,yontooinstalled,yontoonewoffers,dropdowndeals");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "05598b59-fc94-4227-9b42-1258c0444101");
Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredibar.com/mb139/?loc=ib_ds&search=ko[...]
Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavi[...]
Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]

*************************

AdwCleaner[R0].txt - [29088 octets] - [22/09/2013 18:27:08]
AdwCleaner[S0].txt - [28350 octets] - [22/09/2013 18:28:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28411 octets] ##########
|
22.09.2013, 19:45 | #10 |
/// TB-Ausbilder | Then continue with step 3 (FRST).
__________________ cheers, Leo |
23.09.2013, 16:14 | #11 |
| OK, here is the FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013 Ran by marc19 (administrator) on SAMY on 23-09-2013 17:12:13 Running from C:\Users\marc19\Desktop\Neuer Ordner Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.) HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation) HKLM\...\Run: [WheelMouse] - C:\ADVANC~1\wh_exec.exe [98304 2007-11-10] () HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [5115192 2012-07-24] (Logitech Inc.) HKLM\...\Run: [H2O] - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [385024 2005-10-23] (Team H2O) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-17] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION Startup: C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\marc19\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:InPrivate HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 62.2.17.61 62.2.24.158 62.2.17.60 62.2.24.162 FireFox: ======== FF ProfilePath: C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default FF NewTab: hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2938&new=true FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\WTB_GLOBAL.sqlite FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) R2 
AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-17] (Avira Operations GmbH & Co. KG) R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG) S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [3648584 2010-09-06] (INCA Internet Co., Ltd.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG) R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-24] (DT Soft Ltd) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [42008 2012-02-07] (Logitech Inc.) S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.) 
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-06-30] (Microsoft Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [6784 2007-01-26] () R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-23 17:04 - 2013-09-23 17:04 - 98674763 _____ C:\Windows\system32\⬔Ḽd 2013-09-22 20:00 - 2013-09-22 20:00 - 00651264 _____ C:\Users\marc19\Downloads\MicrosoftFixit50096.msi 2013-09-22 18:51 - 2013-09-22 18:51 - 05129542 ____R (Swearware) C:\Users\marc19\Desktop\ComboFix.exe 2013-09-22 18:33 - 2013-09-22 19:11 - 00000000 ___SD C:\32788R22FWJFW 2013-09-22 18:33 - 2013-09-22 18:33 - 00000000 ____D C:\Windows\erdnt 2013-09-22 18:27 - 2013-09-22 18:28 - 00000000 ____D C:\AdwCleaner 2013-09-22 18:20 - 2013-09-22 18:20 - 00003228 _____ C:\Windows\PFRO.log 2013-09-22 17:18 - 2013-09-22 17:18 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-09-21 15:53 - 2013-09-21 15:54 - 18159769 _____ C:\Users\marc19\Downloads\0479_VTB.flv 2013-09-20 12:48 - 2013-09-20 12:48 - 00035340 _____ C:\Users\marc19\Downloads\FRST.txt 2013-09-20 12:41 - 2013-09-20 12:41 - 00000156 _____ C:\Users\marc19\defogger_reenable 2013-09-20 12:38 - 2013-09-20 12:38 - 00000590 _____ C:\Users\marc19\Documents\1Ereignisse.txt 2013-09-20 12:38 - 2013-09-20 12:38 - 00000582 _____ C:\Users\marc19\Desktop\Ereignisse.txt 2013-09-19 
10:40 - 2013-09-23 17:03 - 00065325 _____ C:\Windows\setupact.log 2013-09-19 10:40 - 2013-09-19 10:40 - 00000000 _____ C:\Windows\setuperr.log 2013-09-19 10:32 - 2013-09-20 12:48 - 00029013 _____ C:\Users\marc19\Downloads\Addition.txt 2013-09-19 10:31 - 2013-09-19 10:31 - 00000000 ____D C:\FRST 2013-09-19 10:29 - 2013-09-19 10:29 - 00002398 _____ C:\Users\marc19\Documents\cc_20130919_102922.reg 2013-09-19 10:25 - 2013-09-19 10:26 - 00021776 _____ C:\Users\marc19\Documents\cc_20130919_102546.reg 2013-09-17 23:31 - 2013-09-17 23:31 - 00377856 _____ C:\Users\marc19\Downloads\5mx25drd.exe 2013-09-17 23:26 - 2013-09-17 23:27 - 00602112 _____ (OldTimer Tools) C:\Users\marc19\Downloads\OTL.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\ProgramData\Oracle 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Program Files\Common Files\Java 2013-09-17 23:10 - 2013-09-17 23:10 - 00001999 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-17 23:09 - 2013-09-17 23:10 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-09-17 23:07 - 2013-09-17 23:07 - 00913832 _____ (Oracle Corporation) C:\Users\marc19\Downloads\jxpiinstall(1).exe 2013-09-17 22:40 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-17 22:40 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-17 22:40 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-17 22:38 - 2013-08-08 03:03 - 02348544 _____ (Microsoft 
Corporation) C:\Windows\system32\win32k.sys 2013-09-17 22:37 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-17 22:37 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-17 22:37 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 
2013-09-17 22:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-17 22:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-17 22:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 22102304 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 12947360 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 09253664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-17 22:23 - 2013-09-17 22:23 - 07720576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 06329552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 02789152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 02007328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 01049376 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3232723.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3232723.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00586016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00515360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2013-09-02 23:42 - 2013-09-17 23:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-02 22:17 - 2013-09-23 17:05 - 00000000 ___RD C:\Users\marc19\Dropbox 2013-09-02 22:17 - 2013-09-02 22:17 - 00001048 _____ C:\Users\marc19\Desktop\Dropbox.lnk 2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Dropbox 2013-09-02 22:14 - 2013-09-23 17:05 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Dropbox 2013-09-02 22:14 - 2013-09-02 22:14 - 32966136 _____ (Dropbox, Inc.) C:\Users\marc19\Downloads\Dropbox 2.0.26.exe 2013-08-26 17:45 - 2013-08-26 17:45 - 00029564 _____ C:\Users\marc19\Desktop\AVSCAN-20130826-170900-874FBE1E.LOG 2013-08-26 17:00 - 2013-08-26 17:00 - 00080384 _____ C:\Users\marc19\Downloads\MBRCheck.exe ==================== One Month Modified Files and Folders ======= 2013-09-23 17:10 - 2013-04-29 19:51 - 00000000 ____D C:\Users\marc19\Desktop\Neuer Ordner 2013-09-23 17:10 - 2009-10-22 13:10 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-23 17:10 - 2009-10-22 13:10 - 00009728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-23 17:07 - 2009-10-22 13:27 - 01503956 _____ C:\Windows\WindowsUpdate.log 2013-09-23 17:05 - 2013-09-02 22:17 - 00000000 ___RD C:\Users\marc19\Dropbox 2013-09-23 17:05 - 2013-09-02 22:14 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Dropbox 2013-09-23 17:04 - 2013-09-23 17:04 - 98674763 _____ C:\Windows\system32\⬔Ḽd 2013-09-23 17:03 - 2013-09-19 10:40 - 00065325 _____ C:\Windows\setupact.log 2013-09-23 17:03 - 2011-12-18 14:06 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-09-23 17:03 - 2009-09-22 21:15 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-23 17:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-22 20:58 - 2012-11-03 16:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-22 20:09 - 2009-09-22 21:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-09-22 20:00 - 2013-09-22 20:00 - 00651264 _____ C:\Users\marc19\Downloads\MicrosoftFixit50096.msi 2013-09-22 19:11 - 2013-09-22 18:33 - 00000000 ___SD C:\32788R22FWJFW 2013-09-22 18:51 - 2013-09-22 18:51 - 05129542 ____R (Swearware) 
C:\Users\marc19\Desktop\ComboFix.exe 2013-09-22 18:33 - 2013-09-22 18:33 - 00000000 ____D C:\Windows\erdnt 2013-09-22 18:28 - 2013-09-22 18:27 - 00000000 ____D C:\AdwCleaner 2013-09-22 18:21 - 2009-10-22 14:05 - 00000000 ____D C:\Windows\Panther 2013-09-22 18:20 - 2013-09-22 18:20 - 00003228 _____ C:\Windows\PFRO.log 2013-09-22 18:19 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Microsoft Games 2013-09-22 18:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-22 18:10 - 2011-01-27 18:56 - 00001912 _____ C:\Windows\epplauncher.mif 2013-09-22 18:07 - 2013-04-29 19:57 - 00000000 ____D C:\ProgramData\MFAData 2013-09-22 18:06 - 2013-04-29 19:59 - 00000000 ____D C:\ProgramData\AVG2013 2013-09-22 18:03 - 2013-04-29 19:59 - 00000000 ___HD C:\$AVG 2013-09-22 17:18 - 2013-09-22 17:18 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-09-21 16:38 - 2009-10-22 13:35 - 01536340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-21 16:36 - 2013-06-30 19:33 - 00000000 ____D C:\Users\marc19\AppData\Roaming\vlc 2013-09-21 15:54 - 2013-09-21 15:53 - 18159769 _____ C:\Users\marc19\Downloads\0479_VTB.flv 2013-09-20 12:58 - 2012-11-03 16:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-20 12:58 - 2011-09-24 02:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-20 12:48 - 2013-09-20 12:48 - 00035340 _____ C:\Users\marc19\Downloads\FRST.txt 2013-09-20 12:48 - 2013-09-19 10:32 - 00029013 _____ C:\Users\marc19\Downloads\Addition.txt 2013-09-20 12:41 - 2013-09-20 12:41 - 00000156 _____ C:\Users\marc19\defogger_reenable 2013-09-20 12:41 - 2009-10-22 13:11 - 00000000 ____D C:\Users\marc19 2013-09-20 12:38 - 2013-09-20 12:38 - 00000590 _____ C:\Users\marc19\Documents\1Ereignisse.txt 2013-09-20 12:38 - 2013-09-20 12:38 - 00000582 _____ C:\Users\marc19\Desktop\Ereignisse.txt 2013-09-19 10:40 - 2013-09-19 10:40 - 00000000 _____ C:\Windows\setuperr.log 2013-09-19 10:34 - 
2013-05-24 23:42 - 00000000 ____D C:\Users\marc19\AppData\Roaming\DAEMON Tools Lite 2013-09-19 10:31 - 2013-09-19 10:31 - 00000000 ____D C:\FRST 2013-09-19 10:29 - 2013-09-19 10:29 - 00002398 _____ C:\Users\marc19\Documents\cc_20130919_102922.reg 2013-09-19 10:28 - 2011-09-17 01:46 - 00000000 ____D C:\ProgramData\LogiShrd 2013-09-19 10:28 - 2011-09-17 01:46 - 00000000 ____D C:\Program Files\Logitech 2013-09-19 10:28 - 2011-09-17 01:45 - 00000000 ____D C:\Program Files\Common Files\logishrd 2013-09-19 10:26 - 2013-09-19 10:25 - 00021776 _____ C:\Users\marc19\Documents\cc_20130919_102546.reg 2013-09-19 10:26 - 2013-04-24 19:03 - 00000000 ____D C:\Users\marc19\AppData\Roaming\BitTorrent 2013-09-19 10:24 - 2009-11-07 22:37 - 00000000 ____D C:\Windows\Minidump 2013-09-18 13:44 - 2009-10-12 19:28 - 00000000 ____D C:\ProgramData\Adobe 2013-09-18 13:42 - 2009-09-22 20:08 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Adobe 2013-09-18 06:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-18 03:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-18 03:27 - 2009-07-14 06:33 - 00415880 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-18 03:25 - 2012-06-07 17:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-18 03:09 - 2009-09-22 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-18 03:04 - 2013-08-15 19:59 - 00000000 ____D C:\Windows\system32\MRT 2013-09-18 03:01 - 2009-11-12 22:25 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-17 23:31 - 2013-09-17 23:31 - 00377856 _____ C:\Users\marc19\Downloads\5mx25drd.exe 2013-09-17 23:27 - 2013-09-17 23:26 - 00602112 _____ (OldTimer Tools) C:\Users\marc19\Downloads\OTL.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00175016 _____ (Oracle 
Corporation) C:\Windows\system32\java.exe 2013-09-17 23:13 - 2013-09-17 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\ProgramData\Oracle 2013-09-17 23:13 - 2013-09-17 23:13 - 00000000 ____D C:\Program Files\Common Files\Java 2013-09-17 23:13 - 2013-05-23 18:18 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-09-17 23:13 - 2011-10-19 21:16 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-09-17 23:13 - 2009-09-22 20:25 - 00000000 ____D C:\Program Files\Java 2013-09-17 23:12 - 2009-10-12 19:22 - 00000000 ____D C:\Users\marc19\AppData\Local\Adobe 2013-09-17 23:10 - 2013-09-17 23:10 - 00001999 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-09-17 23:10 - 2013-09-17 23:09 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-09-17 23:09 - 2011-03-20 11:47 - 00000000 ____D C:\Program Files\Adobe 2013-09-17 23:07 - 2013-09-17 23:07 - 00913832 _____ (Oracle Corporation) C:\Users\marc19\Downloads\jxpiinstall(1).exe 2013-09-17 23:03 - 2013-09-02 23:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-17 22:32 - 2013-06-30 20:47 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-17 22:32 - 2013-06-30 20:46 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-17 22:32 - 2013-06-30 20:46 - 00088840 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-17 22:23 - 2013-09-17 22:23 - 22102304 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 12947360 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 09253664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-17 22:23 - 2013-09-17 22:23 - 07720576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 06329552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 02789152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 02007328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 01049376 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3232723.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3232723.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00586016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll 2013-09-17 22:23 - 2013-09-17 22:23 - 00515360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2013-09-17 22:23 - 2012-10-10 22:14 - 13628208 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2013-09-17 22:23 - 2012-10-10 22:14 - 02630304 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2013-09-17 22:23 - 2010-07-10 05:37 - 00017699 _____ C:\Windows\system32\nvinfo.pb 2013-09-12 08:28 - 2010-07-09 16:37 - 04265760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-09-12 08:28 - 2010-07-09 16:37 - 03006240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2013-09-12 08:28 - 2010-07-09 16:37 - 00662816 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-09-12 08:28 - 2010-07-09 16:37 - 00209184 
_____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-09-12 08:28 - 2009-08-17 02:41 - 02555168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-09-12 08:28 - 2009-08-17 02:41 - 00062752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2013-09-02 22:17 - 2013-09-02 22:17 - 00001048 _____ C:\Users\marc19\Desktop\Dropbox.lnk 2013-09-02 22:15 - 2013-09-02 22:15 - 00000000 ____D C:\Users\marc19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-09-02 22:14 - 2013-09-02 22:14 - 32966136 _____ (Dropbox, Inc.) C:\Users\marc19\Downloads\Dropbox 2.0.26.exe 2013-08-26 17:45 - 2013-08-26 17:45 - 00029564 _____ C:\Users\marc19\Desktop\AVSCAN-20130826-170900-874FBE1E.LOG 2013-08-26 17:00 - 2013-08-26 17:00 - 00080384 _____ C:\Users\marc19\Downloads\MBRCheck.exe Files to move or delete: ==================== C:\ProgramData\5VV3vqp.dat C:\ProgramData\wq0d8K.dat Some content of TEMP: ==================== C:\Users\marc19\AppData\Local\Temp\bitool.dll C:\Users\marc19\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 16:34 ==================== End Of Log ============================ --- --- --- |
23.09.2013, 20:44 | #12 |
/// TB-Ausbilder | Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\'
OK, how is the computer running? Are there still any problems?
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\ProgramData\5VV3vqp.dat
C:\ProgramData\wq0d8K.dat
FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
FF NewTab: hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2938&new=true
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
ESET Online Scanner
__________________
cheers, Leo
26.09.2013, 11:29 | #13 |
| Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\'
The computer is running well! The ESET scan took 15 hours; I assume that is normal, since it is an online scanner!? Here are the logs:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by marc19 at 2013-09-24 12:41:00 Run:1
Running from C:\Users\marc19\Desktop\Neuer Ordner
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\5VV3vqp.dat
C:\ProgramData\wq0d8K.dat
FF Extension: No Name - C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
FF NewTab: hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2938&new=true
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

C:\ProgramData\5VV3vqp.dat => Moved successfully.
C:\ProgramData\wq0d8K.dat => Moved successfully.
C:\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi => Moved successfully.
Firefox newtab deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

==== End of Fixlog ====
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
marc19 :: SAMY [Administrator]

24.09.2013 12:43:46
mbam-log-2013-09-24 (12-43-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260236
Laufzeit: 7 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\marc19\AppData\Local\Temp\nsu328A.tmp (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\marc19\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\marc19\Downloads\codec_pack_171337_ff.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\marc19\Downloads\codec_pack_878691_ff.exe (PUP.BundleInstaller.DW) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\marc19\Downloads\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6620ddd442fe7947804435856995d062 # engine=15237 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-26 02:03:43 # local_time=2013-09-26 04:03:43 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 142255 245584313 135038 0 # compatibility_mode=5893 16776573 100 94 284623 131792214 0 0 # scanned=4754939 # found=48 # cleaned=0 # scan_time=54176 sh=4808307C704D29122CDB8EA28287E082E48AC0EF ft=1 fh=d700a127a454b68d vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir" sh=5B0CCA662149240D1FD4354BEAC1338E97E334EA ft=1 fh=45b9659c78b9b894 vn="Win32/Adware.MultiPlug.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Bcool\uninstall.exe.vir" sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=A030238BBFC91AC6A9AC08659C65FBB4ACAECDFA ft=1 fh=1040e9e6e3d18f2b vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir" sh=D697D0396B6AD1245FA79335D8AAA1B8D3815375 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\marc19\AppData\Roaming\Mozilla\Firefox\Profiles\02lvfocj.default\Extensions\plugin@yontoo.com\content\overlay.js.vir" sh=0A8AF089E4EC4FDE915595155CCF3E7E61BA4271 ft=1 fh=56868e71339e07ff vn="Win32/Adware.1ClickDownload.AM application" ac=I 
fn="C:\Users\marc19\Downloads\Der_Hobbit_-_Eine_unerwartete_Reise(1).exe" sh=0A8AF089E4EC4FDE915595155CCF3E7E61BA4271 ft=1 fh=56868e71339e07ff vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\marc19\Downloads\Der_Hobbit_-_Eine_unerwartete_Reise.exe" sh=371B8426F7DCBFDC58230842DAE3867B17001173 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NIA trojan" ac=I fn="C:\Windows\Temp\jar_cache3007998920436561096.tmp" sh=0A8AF089E4EC4FDE915595155CCF3E7E61BA4271 ft=1 fh=56868e71339e07ff vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Documents and Settings\marc19\Downloads\Der_Hobbit_-_Eine_unerwartete_Reise(1).exe" sh=0A8AF089E4EC4FDE915595155CCF3E7E61BA4271 ft=1 fh=56868e71339e07ff vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Windows.old\Documents and Settings\marc19\Downloads\Der_Hobbit_-_Eine_unerwartete_Reise.exe" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130412_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130413_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130414_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_011245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I 
fn="J:\Battalion HD\Nero Local Autobackup\20130415_031245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_051245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_071245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_091245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_111245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_131245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_151245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Battalion HD\Nero Local Autobackup\20130415_171245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I 
fn="J:\Battalion HD\Nero Local Autobackup\20130629_131442_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=8FAADF53FC9C47C0BC1303791928928F73F065DF ft=0 fh=0000000000000000 vn="Win32/Theola.F trojan" ac=I fn="J:\C\Users\stadelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegmiemjpeonmdgidakdcmleiggngoaf\1.0_0\content.js" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130129_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130130_171246_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130131_191245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(1).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(2).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local 
Autobackup\C\Users\stadelmann\Downloads\Silver_Linings.exe" sh=698DC5FA8E76AD26A5D55D4BC00323F5175B0FA6 ft=1 fh=56608524339f9ad2 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local Autobackup\C\Users\stadelmann\Downloads\the_silver_linings.exe" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130203_191247_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_191247_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(1).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_191247_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(2).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_191247_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings.exe" sh=698DC5FA8E76AD26A5D55D4BC00323F5175B0FA6 ft=1 fh=56608524339f9ad2 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_191247_Local Autobackup\C\Users\stadelmann\Downloads\the_silver_linings.exe" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(1).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 
fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(2).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings.exe" sh=698DC5FA8E76AD26A5D55D4BC00323F5175B0FA6 ft=1 fh=56608524339f9ad2 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Users\stadelmann\Downloads\the_silver_linings.exe" sh=5EF49F0215402BFAC5014E314EA9EF1A2ED951CA ft=1 fh=2b15807df2f87738 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130204_200151_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130204_200151_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(1).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130204_200151_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings(2).exe" sh=53AC55B03F919DC0B9BE34D04061F75B0A19E7F9 ft=1 fh=d47fc7113d6e29b7 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130204_200151_Local Autobackup\C\Users\stadelmann\Downloads\Silver_Linings.exe" sh=698DC5FA8E76AD26A5D55D4BC00323F5175B0FA6 ft=1 fh=56608524339f9ad2 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="J:\Nero Local Autobackup\20130204_200151_Local Autobackup\C\Users\stadelmann\Downloads\the_silver_linings.exe" sh=8FAADF53FC9C47C0BC1303791928928F73F065DF ft=0 fh=0000000000000000 vn="Win32/Theola.F trojan" ac=I fn="Z:\C\Users\stadelmann\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\eegmiemjpeonmdgidakdcmleiggngoaf\1.0_0\content.js"
26.09.2013, 11:44 | #14 |
/// TB-Ausbilder | Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\'
Hello, yes, ESET takes a long time, that is normal. Also delete these two from your backups:
Code:
J:\C\Users\stadelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegmiemjpeonmdgidakdcmleiggngoaf
Z:\C\Users\stadelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegmiemjpeonmdgidakdcmleiggngoaf
Otherwise it looks good.
Step 1
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Step 2
Use this plugin check (with Firefox here) to verify that all the versions you use are current, and update them otherwise.
Cleanup
Finally we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the order given.
>> OK <<
We are done; your logs look clean to me at the moment. Below I have put together a few hints and tips that should help you not need our help again in the future. Please give me a short reply afterwards if no problems or questions remain open on your side, so that I can consider this topic closed.
Epilogue: Tips, Dos & Don'ts
Keeping system and software up to date
The Windows operating system must always be kept up to date. Make sure that automatic updates are enabled:
Installed software should also always be at the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware by drive-by download on a mere visit to a prepared website. That can even happen on normally legitimate websites, if an attacker has managed to inject his code into the page, and is therefore relatively unpredictable.
Security software
A remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer one can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the internet
Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that need not mean anything.
Attempts are also often made to get the user, with more or less tricky methods, to carry out a harmful action himself (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along by the user himself.
General notes
Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we do not see each other here again so soon.
__________________
cheers, Leo
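The triage Leo did on the ESET log above, i.e. separating findings that sit in other cleaners' quarantine folders or on backup volumes from anything on the running system, as an added Python example that is not part of this thread or of any of the tools named in it. The location markers are an assumption drawn from the paths in this thread's log, and the sample log lines (hashes, user name, extension id) are constructed.

```python
import re
from collections import defaultdict

# One finding per line, in the shape the ESET log above uses:
#   sh=<sha1> ft=<n> fh=<hash> vn="<detection name>" ac=<action> fn="<path>"
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Location markers are an assumption derived from the paths in this thread's log:
# quarantine folders of other cleaners hold inert copies, backup volumes hold copies of C:.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\adwcleaner\\quarantine\\")
BACKUP_MARKERS = ("\\nero local autobackup\\", "\\windows.old\\")
BACKUP_OF_C = re.compile(r"^[a-z]:\\c\\")  # e.g. J:\C\Users\... is a copied system drive


def parse_finding(line):
    """Parse one 'sh=... fn=...' line into a dict; header and '#' lines give None."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def classify(path):
    """'quarantine' = already neutralised copy, 'backup' = copy on a backup volume,
    'live' = on the running system and therefore the one that needs attention first."""
    low = path.lower()
    if low.endswith(".vir") or any(m in low for m in QUARANTINE_MARKERS):
        return "quarantine"
    if BACKUP_OF_C.match(low) or any(m in low for m in BACKUP_MARKERS):
        return "backup"
    return "live"


def triage(log_text):
    """Group findings by location class and by SHA-1, so repeated copies of one sample stand out."""
    by_class = defaultdict(list)
    by_hash = defaultdict(set)
    for raw in log_text.splitlines():
        finding = parse_finding(raw)
        if finding is None:
            continue
        by_class[classify(finding["fn"])].append(finding)
        by_hash[finding["sh"]].add(finding["fn"])
    return by_class, by_hash


def report(log_text):
    """Return (detection names on the live system, count per class, copies per SHA-1)."""
    by_class, by_hash = triage(log_text)
    live_names = sorted({f["vn"] for f in by_class["live"]})
    counts = {cls: len(items) for cls, items in by_class.items()}
    copies = {sha: len(paths) for sha, paths in by_hash.items()}
    return live_names, counts, copies


# Constructed sample in the ESET log format; hashes, user name and extension id are placeholders.
SAMPLE_LOG = r'''# version=8
# found=4
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130203_171245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="a variant of Win32/Kryptik.ASOD trojan" ac=I fn="J:\Nero Local Autobackup\20130203_231245_Local Autobackup\C\Qoobox\Quarantine\C\ProgramData\Windows\msdr.dll.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=0 fh=0000000000000000 vn="Win32/Theola.F trojan" ac=I fn="J:\C\Users\someone\AppData\Local\Google\Chrome\User Data\Default\Extensions\exampleextensionid\1.0_0\content.js"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NIA trojan" ac=I fn="C:\Windows\Temp\jar_cache3007998920436561096.tmp"
'''

if __name__ == "__main__":
    names, counts, copies = report(SAMPLE_LOG)
    print("needs attention on the live system:", names)
    print("findings per location:", counts)
```

Entries classed as backup still need deleting, as Leo asks above, but they are not what decides whether the running system is clean.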
26.09.2013, 18:01 | #15 |
| Avira detection B00/Whistler.DB in master boot sector HD0 and boot sector 'C:\'
Hi Leo!! First of all, a big thank you!! I have carried out all the steps except no. 2, TFC.exe. The program always crashes, even after a restart/reinstall (not responding). It starts deleting up to the point: Windows Temp Folder emptied: 0bytes, then nothing happens any more and I am forced to close TFC with Ctrl Alt Del. It would be cool if we could still get it running; I would like to keep the program for the future! Thanks again