Pests of all kinds and how to fight them: Avast virus scanner cannot scan file "c:\progra~1\micros~2\shellext.dll" (Windows 7)
20.07.2012, 11:52 | #1 |
| Avast virus scanner cannot scan file "c:\progra~1\micros~2\shellext.dll"
Hello dear forum members! I am brand new here, so please bear with me if I don't find my way around right away. I have the following problem: my Avast virus scanner cannot scan files. In the details I found the following file, which seems to be causing this problem: c:\progra~1\micros~2\shellext.dll
However, Malwarebytes found nothing. Here is the most recent log file. Do I still need to worry about my system? Thanks in advance for the help. Regards, Olga1960
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 19.07.2012 16:54:18 mbam-log-2012-07-19 (16-54-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 329637 Laufzeit: 24 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
23.07.2012, 09:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before? If so, the logs for every scan are also listed under the Logs tab. Please post all that are visible there.
__________________ |
24.07.2012, 19:16 | #3 |
| Yes, these log files from previous scans are still there. Yesterday Avast also found this threat: BAcroIEHelpe169.dll
Could that perhaps also have something to do with it? Thanks, regards, Olga
Here are the log files from Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 20.07.2012 13:02:07 mbam-log-2012-07-20 (13-02-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 32144 Laufzeit: 1 Minute(n), 12 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 19.07.2012 16:54:18 mbam-log-2012-07-19 (16-54-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 329637 Laufzeit: 24 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) www.malwarebytes.org Datenbank Version: v2012.05.31.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 31.05.2012 22:26:01 mbam-log-2012-05-31 (22-26-01).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 331411 Laufzeit: 36 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte 
Dateien: 2 C:\Users\Heinrich 2\AppData\Local\Temp\~!#7B2B.tmp (Trojan.Agent.Sin) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Heinrich 2\AppData\Local\Temp\~!#80F7.tmp (Trojan.Agent.Sin) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) [/code] Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.08.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 08.05.2012 16:37:13 mbam-log-2012-05-08 (16-37-13).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 324506 Laufzeit: 28 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.27.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Heinrich 2 :: HEINRICH2-PC [Administrator] 27.01.2012 13:43:20 mbam-log-2012-01-27 (13-43-20).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 291832 Laufzeit: 31 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
24.07.2012, 21:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see what comes next. Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.
ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! Please switch off all background guards (antivirus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt" Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Please always post log files in CODE tags |
25.07.2012, 21:43 | #5 |
| Hello, I ran ESET and it did find something. Here is the log file.
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=66bce4990544354caaab82c8b4b36b99 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-25 04:36:08 # local_time=2012-07-25 06:36:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 0 94858624 0 0 # compatibility_mode=8192 67108863 100 0 471 471 0 0 # scanned=105069 # found=8 # cleaned=0 # scan_time=5394 C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Local\Temp\SXvy60M.exe a variant of Win32/Kryptik.AIWX trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\4ff32c75-7a25cfe0 a variant of Java/Exploit.CVE-2012-1723.A trojan (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads 2012-01-24 20;31;19\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads 2012-01-24 20;31;19\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I G:\Downloads\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I G:\Downloads\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # 
OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=66bce4990544354caaab82c8b4b36b99 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-25 08:37:09 # local_time=2012-07-25 10:37:09 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 6893 94871303 0 0 # compatibility_mode=8192 67108863 100 0 13150 13150 0 0 # scanned=120567 # found=8 # cleaned=0 # scan_time=7176 C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Local\Temp\SXvy60M.exe a variant of Win32/Kryptik.AIWX trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\4ff32c75-7a25cfe0 a variant of Java/Exploit.CVE-2012-1723.A trojan (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads 2012-01-24 20;31;19\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I D:\Sich Daten (G)\Downloads 2012-01-24 20;31;19\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I G:\Downloads\Software\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I G:\Downloads\Software\Nero\Nero_Setup7.8.5.0_Demo.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I |
26.07.2012, 14:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
__________________ |
26.07.2012, 19:16 | #7 |
| Thank you. Done. Here is the log file. Regards, Olga
Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/26/2012 at 20:12:19 # Updated 20/07/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Heinrich 2 - HEINRICH2-PC # Running from : G:\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Heinrich 2\AppData\Roaming\Mozilla\Firefox\Profiles\wndjemli.default\prefs.js [OK] File is clean. Profile name : default File : C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ctj543gf.default\prefs.js Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox"); ************************* AdwCleaner[R1].txt - [938 octets] - [26/07/2012 20:12:19] ########## EOF - C:\AdwCleaner[R1].txt - [1065 octets] ########## |
26.07.2012, 22:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have two questions before we continue:
1.) Does the normal mode of Windows work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
27.07.2012, 12:23 | #9 |
| You surely mean the Windows startup. Yes, Win 7 starts quite normally. And under All Programs everything is there, as far as I can tell, and there are no empty folders either. By the way, I also wanted to mention: Avast did find this latest virus (if it was one), and after that it no longer reported that it could not scan files. I also use CCleaner now and then. Regards, Olga |
27.07.2012, 13:45 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
27.07.2012, 15:52 | #11 |
| Done! :-)) Here is OTL.txt:
Code:
ATTFilter OTL logfile created on: 27.07.2012 16:33:49 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Heinrich 2\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,88 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 75,56% Memory free 7,77 Gb Paging File | 6,40 Gb Available in Paging File | 82,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 234,38 Gb Total Space | 201,39 Gb Free Space | 85,93% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 150,48 Gb Free Space | 64,62% Space Free | Partition Type: NTFS Drive G: | 231,28 Gb Total Space | 209,49 Gb Free Space | 90,58% Space Free | Partition Type: NTFS Computer Name: HEINRICH2-PC | User Name: Heinrich 2 | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.27 16:26:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich 2\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.10.11 19:49:04 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Heinrich 2\AppData\Local\Apps\2.0\BVOPMQ27.NBB\AJNG6PVA.HQO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.10.05 15:08:46 | 002,655,768 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 15:08:42 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.04.27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007.09.11 15:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\StCenter.EXE PRC - [2007.09.07 11:06:46 | 001,070,384 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe PRC - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.22 10:04:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.22 10:03:56 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll MOD - [2012.06.21 23:37:39 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.06.21 23:37:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.06.21 23:37:17 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.05.11 17:26:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 17:25:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.11 17:25:42 | 005,452,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 17:25:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 17:25:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 17:25:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.10.11 19:48:23 | 000,368,640 | ---- | M] () -- C:\Users\Heinrich 2\AppData\Local\Apps\2.0\BVOPMQ27.NBB\AJNG6PVA.HQO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2011.04.12 09:43:19 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.26 23:01:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.06.24 16:53:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010.10.05 15:08:46 | 002,655,768 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 15:08:42 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.07.13 10:45:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007.12.03 11:06:42 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) 
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 20:12:08 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.10.14 20:12:08 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2011.10.14 20:12:05 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.10.14 20:12:04 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2011.10.11 19:48:48 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2011.08.31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | 
---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.30 13:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 13:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.26 17:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.20 20:09:18 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 06 CA 5A C7 05 CD 01 [binary data]
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1308444173-748348572-3176675349-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.19 15:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 16:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.23 21:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.21 20:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 16:53:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.23 21:05:01 | 000,000,000 | ---D | M]

[2011.10.11 15:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich 2\AppData\Roaming\mozilla\Extensions
[2012.07.05 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich 2\AppData\Roaming\mozilla\Firefox\Profiles\wndjemli.default\extensions
[2011.10.11 17:36:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Heinrich 2\AppData\Roaming\mozilla\Firefox\Profiles\wndjemli.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011.10.11 17:36:41 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Heinrich 2\AppData\Roaming\mozilla\Firefox\Profiles\wndjemli.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011.12.04 18:00:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.05 17:53:14 | 000,399,561 | ---- | M] () (No name found) -- C:\USERS\HEINRICH 2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WNDJEMLI.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
[2012.06.24 16:53:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.11 20:53:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.14 11:45:24 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.24 16:53:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 16:53:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 16:53:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 16:53:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 16:53:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 16:53:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.10.16 14:55:47 | 000,437,925 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15060 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1308444173-748348572-3176675349-1000..\Run: [AVMUSBFernanschluss] C:\Users\Heinrich 2\AppData\Local\Apps\2.0\BVOPMQ27.NBB\AJNG6PVA.HQO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Heinrich 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1308444173-748348572-3176675349-1000\..Trusted Ranges: Range37 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ECB92F0-EB53-4CFD-AE76-580891123905}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0BE11CC-00C8-4FB5-B8CE-06B072F832A8}: DhcpNameServer = 192.168.42.129
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^Heinrich 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AVMUSBFernanschluss - hkey= - key= - C:\Users\Heinrich 2\AppData\Local\Apps\2.0\BVOPMQ27.NBB\AJNG6PVA.HQO\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.27 16:26:40 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Heinrich 2\Desktop\OTL.exe
[2012.07.25 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.21 11:43:20 | 000,000,000 | ---D | C] -- C:\Users\Heinrich 2\Desktop\Köln 12.-18.07.2012
[2012.07.20 13:36:11 | 000,000,000 | ---D | C] -- C:\Users\Heinrich 2\AppData\Roaming\TuneUp Software
[2012.07.20 13:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.20 13:34:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.20 13:34:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.20 12:28:44 | 000,000,000 | ---D | C] -- C:\Users\Heinrich 2\Desktop\shell.dll
[2012.07.19 15:33:40 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.19 15:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.19 15:33:39 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.19 15:33:37 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.19 15:33:35 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.19 15:33:34 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.19 15:33:31 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.19 15:33:30 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.19 15:33:12 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.19 15:33:12 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.19 15:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.19 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.15 15:14:56 | 000,000,000 | ---D | C] -- C:\Users\Heinrich 2\AppData\Roaming\kock
[2012.07.13 16:22:44 | 000,000,000 | ---D | C] -- C:\Users\Heinrich 2\AppData\Roaming\xmldm
[1 C:\Users\Heinrich 2\AppData\Roaming\*.tmp files -> C:\Users\Heinrich 2\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.27 16:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 16:26:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich 2\Desktop\OTL.exe
[2012.07.27 15:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 13:31:32 | 000,005,110 | ---- | M] () -- C:\Users\Heinrich 2\Desktop\Musterbrief_Rueckkaufswert.odt
[2012.07.27 13:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 13:23:30 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 13:23:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 13:23:19 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 13:23:19 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 13:23:19 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 13:23:19 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 13:15:50 | 3127,357,440 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.24 09:45:51 | 000,020,451 | ---- | M] () -- C:\Users\Heinrich 2\Desktop\Einladung Mitgliederversammlung 2011.pdf
[2012.07.22 16:16:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.20 16:57:48 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.19 16:49:28 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 15:33:40 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.19 15:30:15 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.13 16:31:40 | 000,000,051 | ---- | M] () -- C:\Users\Heinrich 2\AppData\Roaming\blckdom.res
[2012.07.11 15:12:53 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\Heinrich 2\AppData\Roaming\*.tmp files -> C:\Users\Heinrich 2\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.27 13:31:32 | 000,005,110 | ---- | C] () -- C:\Users\Heinrich 2\Desktop\Musterbrief_Rueckkaufswert.odt
[2012.07.24 09:45:51 | 000,020,451 | ---- | C] () -- C:\Users\Heinrich 2\Desktop\Einladung Mitgliederversammlung 2011.pdf
[2012.07.20 16:57:48 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.19 15:33:40 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast!
Free Antivirus.lnk [2012.07.19 15:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.07.13 16:22:56 | 000,000,051 | ---- | C] () -- C:\Users\Heinrich 2\AppData\Roaming\blckdom.res [2012.06.08 20:51:32 | 000,000,052 | ---- | C] () -- C:\ProgramData\ibxrowufdfirozd [2012.06.03 21:58:31 | 000,000,052 | ---- | C] () -- C:\ProgramData\iexmowgfsforfzd [2012.05.23 11:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2011.10.30 12:58:46 | 000,000,000 | ---- | C] () -- C:\Users\Heinrich 2\.gtk-bookmarks [2011.10.30 12:58:03 | 000,614,911 | ---- | C] () -- C:\Users\Heinrich 2\.fonts.cache-1 [2011.10.16 11:20:11 | 000,000,017 | ---- | C] () -- C:\Users\Heinrich 2\AppData\Local\resmon.resmoncfg [2011.10.11 15:18:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.10.11 15:15:40 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.10.11 13:47:50 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.11 13:32:52 | 000,008,192 | R--- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.10.11 13:24:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini ========== LOP Check ========== [2012.07.12 22:42:45 | 000,000,000 | ---D | M] -- 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.023 [2012.07.13 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.024 [2012.07.14 22:50:52 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.025 [2012.07.11 22:23:23 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\ImgBurn [2012.07.12 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\kock [2012.06.24 10:41:11 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\OpenOffice.org [2012.07.20 14:09:04 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\TuneUp Software [2012.07.12 22:42:25 | 000,000,000 | ---D | M] -- C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\xmldm [2011.12.12 17:17:46 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Acronis [2011.10.12 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Canon [2011.10.27 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FreePDF [2012.07.27 13:15:00 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FRITZ! 
[2011.10.11 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.06.11 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\ImgBurn [2012.07.15 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\kock [2011.10.11 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\OpenOffice.org [2011.10.13 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\PhotoFiltre [2011.10.11 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\ScanSoft [2012.05.23 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Teleca [2011.10.11 17:27:29 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Thunderbird [2012.07.20 13:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\TuneUp Software [2012.07.13 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\xmldm [2012.06.11 14:34:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.12 17:17:46 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Acronis [2011.10.12 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Adobe [2011.10.12 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Canon [2011.10.27 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FreePDF [2012.07.27 13:15:00 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FRITZ! 
[2011.10.11 15:24:37 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.10.11 13:19:11 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Identities [2012.06.11 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\ImgBurn [2012.07.15 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\kock [2011.10.11 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Macromedia [2011.10.21 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Malwarebytes [2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Media Center Programs [2011.11.09 20:04:42 | 000,000,000 | --SD | M] -- C:\Users\Heinrich 2\AppData\Roaming\Microsoft [2011.10.11 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Mozilla [2012.05.15 20:50:51 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Nero [2011.10.11 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\OpenOffice.org [2011.10.13 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\PhotoFiltre [2011.10.11 15:15:36 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\ScanSoft [2012.05.23 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Teleca [2011.10.11 17:27:29 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\Thunderbird [2012.07.20 13:36:11 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\TuneUp Software [2012.04.17 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\vlc [2011.10.11 21:17:59 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\WinRAR [2012.07.13 16:22:44 | 000,000,000 | ---D | M] -- C:\Users\Heinrich 2\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) 
MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) 
MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA 
Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] 
(Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
27.07.2012, 20:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied too!!!)
Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Heinrich 2\AppData\Roaming\blckdom.res
C:\ProgramData\ibxrowufdfirozd
C:\ProgramData\iexmowgfsforfzd
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.023
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.024
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.025
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\kock
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\xmldm
C:\Users\Heinrich 2\AppData\Roaming\kock
C:\Users\Heinrich 2\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
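The helper asks for the fix log so that each scripted entry can be checked against what OTL reports. The following is an added example, not part of the thread and not OTL's own code: it cross-checks the `:Files` targets of a fix script against the "moved successfully" lines of the log's FILES section. The function names are hypothetical, the excerpts are constructed from the line formats and paths shown in this thread, and one entry per line is assumed.

```python
import re

# Constructed excerpts in the line formats shown in this thread
# (assumption: one entry per line). Paths are taken from the thread.
FIX_SCRIPT = r"""
:OTL
FF - user.js - File not found
:Files
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Heinrich 2\AppData\Roaming\blckdom.res
C:\ProgramData\ibxrowufdfirozd
C:\ProgramData\iexmowgfsforfzd
C:\Users\Heinrich 2\AppData\Roaming\kock
:Commands
[purity]
[emptytemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Heinrich 2\AppData\Roaming\blckdom.res moved successfully.
C:\ProgramData\ibxrowufdfirozd moved successfully.
C:\ProgramData\iexmowgfsforfzd moved successfully.
"""

SCRIPT_SECTION_RE = re.compile(r"^:(\w+)\s*$")        # :OTL, :Files, :Commands
LOG_HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # ========== FILES ==========
# "<path> moved successfully." or "<path> folder moved successfully."
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def norm(path):
    """Windows paths compare case-insensitively; drop a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_fix_targets(script):
    """Return the paths listed under the script's :Files section, in order."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SCRIPT_SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "files":
            targets.append(line)
    return targets


def parse_moved_paths(log):
    """Return the normalised paths the log's FILES section reports as moved."""
    moved, section = set(), None
    for raw in log.splitlines():
        line = raw.strip()
        header = LOG_HEADER_RE.match(line)
        if header:
            section = header.group(1).upper()
            continue
        entry = MOVED_RE.match(line)
        if section == "FILES" and entry:
            moved.add(norm(entry.group("path")))
    return moved


def check_fix(script, log):
    """Map each :Files target to 'moved' or 'unconfirmed', and list moved
    paths that are neither a target nor located below one."""
    moved = parse_moved_paths(log)
    targets = parse_fix_targets(script)
    report = {t: ("moved" if norm(t) in moved else "unconfirmed") for t in targets}
    roots = [norm(t) for t in targets]
    unexpected = sorted(
        p for p in moved
        if not any(p == r or p.startswith(r + "\\") for r in roots)
    )
    return report, unexpected


if __name__ == "__main__":
    report, unexpected = check_fix(FIX_SCRIPT, FIX_LOG)
    for target, status in report.items():
        print(f"{status:12} {target}")
    print("unexpected moves:", unexpected)
```

A target reported as unconfirmed only means the log excerpt contains no success line for it, so the full log has to be read before drawing a conclusion.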
28.07.2012, 13:21 | #13 |
| Managed that as well! *sweat on forehead* Regards, Olga Logfile: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. ========== FILES ========== C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\51cdb5cd-72c03eeb-n folder moved successfully. 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\51cdb5cd-23f790b3-n folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. 
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. 
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. 
C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Heinrich 2\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. C:\Users\Heinrich 2\AppData\Roaming\blckdom.res moved successfully. C:\ProgramData\ibxrowufdfirozd moved successfully. C:\ProgramData\iexmowgfsforfzd moved successfully. 
C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.023\components folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.023 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.024\components folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.024 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.025\components folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\13001.025 folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\kock folder moved successfully. C:\Users\Hans-Jörg.Heinrich2-PC\AppData\Roaming\xmldm folder moved successfully. C:\Users\Heinrich 2\AppData\Roaming\kock folder moved successfully. C:\Users\Heinrich 2\AppData\Roaming\xmldm folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hans-Jörg User: Hans-Jörg.Heinrich2-PC ->Temp folder emptied: 242452 bytes ->Temporary Internet Files folder emptied: 1166011 bytes ->FireFox cache emptied: 66236963 bytes ->Flash cache emptied: 789 bytes User: Heinrich 2 ->Temp folder emptied: 6135585 bytes ->Temporary Internet Files folder emptied: 131918 bytes ->FireFox cache emptied: 55384347 bytes ->Flash cache emptied: 1347 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1130180 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 124,00 mb 
[EMPTYFLASH] User: All Users User: Default User: Default User User: Hans-Jörg User: Hans-Jörg.Heinrich2-PC ->Flash cache emptied: 0 bytes User: Heinrich 2 ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.55.0 log created on 07282012_141332 Files\Folders moved on Reboot... C:\Users\Heinrich 2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Heinrich 2\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
29.07.2012, 00:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avast virus scanner cannot scan file " c:\progra~1\micros~2\shellext.dll "

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
29.07.2012, 12:52 | #15 |
| Avast virus scanner cannot scan file " c:\progra~1\micros~2\shellext.dll " Right, I hope I managed that one too. I haven't deleted anything yet, 2 detections. Here is the log: Code:
ATTFilter 13:35:48.0660 3308 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 13:35:48.0956 3308 ============================================================ 13:35:48.0956 3308 Current date / time: 2012/07/29 13:35:48.0956 13:35:48.0956 3308 SystemInfo: 13:35:48.0956 3308 13:35:48.0956 3308 OS Version: 6.1.7601 ServicePack: 1.0 13:35:48.0956 3308 Product type: Workstation 13:35:48.0972 3308 ComputerName: HEINRICH2-PC 13:35:48.0972 3308 UserName: Heinrich 2 13:35:48.0972 3308 Windows directory: C:\Windows 13:35:48.0972 3308 System windows directory: C:\Windows 13:35:48.0972 3308 Running under WOW64 13:35:48.0972 3308 Processor architecture: Intel x64 13:35:48.0972 3308 Number of processors: 4 13:35:48.0972 3308 Page size: 0x1000 13:35:48.0972 3308 Boot type: Normal boot 13:35:48.0972 3308 ============================================================ 13:35:50.0844 3308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 13:35:50.0844 3308 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:35:50.0844 3308 ============================================================ 13:35:50.0844 3308 \Device\Harddisk0\DR0: 13:35:50.0844 3308 MBR partitions: 13:35:50.0844 3308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:35:50.0844 3308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C3000 13:35:50.0844 3308 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D4F5800, BlocksNum 0x1CE8F800 13:35:50.0844 3308 \Device\Harddisk1\DR1: 13:35:50.0844 3308 MBR partitions: 13:35:50.0844 3308 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800 13:35:50.0844 3308 ============================================================ 
13:35:50.0859 3308 C: <-> \Device\Harddisk0\DR0\Partition1 13:35:50.0890 3308 G: <-> \Device\Harddisk0\DR0\Partition2 13:35:50.0922 3308 D: <-> \Device\Harddisk1\DR1\Partition0 13:35:50.0922 3308 ============================================================ 13:35:50.0922 3308 Initialize success 13:35:50.0922 3308 ============================================================ 13:36:30.0062 3840 ============================================================ 13:36:30.0062 3840 Scan started 13:36:30.0062 3840 Mode: Manual; SigCheck; TDLFS; 13:36:30.0062 3840 ============================================================ 13:36:30.0920 3840 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:36:31.0029 3840 1394ohci - ok 13:36:31.0076 3840 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:36:31.0092 3840 ACPI - ok 13:36:31.0107 3840 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:36:31.0138 3840 AcpiPmi - ok 13:36:31.0248 3840 AcrSch2Svc (ed990d05c5189ce96c98625ea182467e) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 13:36:31.0279 3840 AcrSch2Svc - ok 13:36:31.0388 3840 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:36:31.0404 3840 AdobeFlashPlayerUpdateSvc - ok 13:36:31.0513 3840 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 13:36:31.0544 3840 adp94xx - ok 13:36:31.0575 3840 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 13:36:31.0606 3840 adpahci - ok 13:36:31.0638 3840 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 13:36:31.0653 3840 adpu320 - ok 13:36:31.0684 3840 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 13:36:31.0731 3840 AeLookupSvc - ok 13:36:31.0794 3840 AFD (1c7857b62de5994a75b054a9fd4c3825) 
C:\Windows\system32\drivers\afd.sys 13:36:31.0840 3840 AFD - ok 13:36:31.0872 3840 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:36:31.0887 3840 agp440 - ok 13:36:31.0903 3840 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 13:36:31.0950 3840 ALG - ok 13:36:31.0965 3840 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:36:31.0981 3840 aliide - ok 13:36:31.0981 3840 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:36:31.0996 3840 amdide - ok 13:36:32.0012 3840 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 13:36:32.0043 3840 AmdK8 - ok 13:36:32.0059 3840 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 13:36:32.0090 3840 AmdPPM - ok 13:36:32.0121 3840 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:36:32.0137 3840 amdsata - ok 13:36:32.0168 3840 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 13:36:32.0184 3840 amdsbs - ok 13:36:32.0199 3840 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:36:32.0215 3840 amdxata - ok 13:36:32.0230 3840 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 13:36:32.0293 3840 AppID - ok 13:36:32.0308 3840 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 13:36:32.0355 3840 AppIDSvc - ok 13:36:32.0386 3840 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 13:36:32.0449 3840 Appinfo - ok 13:36:32.0464 3840 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 13:36:32.0480 3840 arc - ok 13:36:32.0511 3840 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 13:36:32.0527 3840 arcsas - ok 13:36:32.0558 3840 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys 13:36:33.0369 3840 aswFsBlk - 
ok 13:36:33.0416 3840 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys 13:36:33.0432 3840 aswMonFlt - ok 13:36:33.0463 3840 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys 13:36:33.0463 3840 aswRdr - ok 13:36:33.0525 3840 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys 13:36:33.0556 3840 aswSnx - ok 13:36:33.0619 3840 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys 13:36:33.0634 3840 aswSP - ok 13:36:33.0666 3840 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys 13:36:33.0681 3840 aswTdi - ok 13:36:33.0697 3840 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:36:33.0759 3840 AsyncMac - ok 13:36:33.0775 3840 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:36:33.0791 3840 atapi - ok 13:36:33.0853 3840 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:36:33.0931 3840 AudioEndpointBuilder - ok 13:36:33.0931 3840 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 13:36:33.0993 3840 AudioSrv - ok 13:36:34.0040 3840 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 13:36:34.0056 3840 avast! 
Antivirus - ok 13:36:34.0087 3840 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys 13:36:34.0118 3840 avmaudio - ok 13:36:34.0134 3840 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 13:36:34.0181 3840 AxInstSV - ok 13:36:34.0227 3840 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 13:36:34.0259 3840 b06bdrv - ok 13:36:34.0290 3840 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:36:34.0321 3840 b57nd60a - ok 13:36:34.0368 3840 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 13:36:34.0383 3840 BDESVC - ok 13:36:34.0399 3840 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:36:34.0461 3840 Beep - ok 13:36:34.0524 3840 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 13:36:34.0586 3840 BFE - ok 13:36:34.0633 3840 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 13:36:34.0727 3840 BITS - ok 13:36:34.0773 3840 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:36:34.0805 3840 blbdrive - ok 13:36:34.0836 3840 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:36:34.0867 3840 bowser - ok 13:36:34.0883 3840 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 13:36:34.0914 3840 BrFiltLo - ok 13:36:34.0914 3840 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 13:36:34.0945 3840 BrFiltUp - ok 13:36:34.0976 3840 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 13:36:35.0039 3840 Browser - ok 13:36:35.0054 3840 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:36:35.0101 3840 Brserid - ok 13:36:35.0117 3840 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:36:35.0148 3840 BrSerWdm - ok 13:36:35.0163 3840 BrUsbMdm 
(b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:36:35.0195 3840 BrUsbMdm - ok 13:36:35.0195 3840 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:36:35.0210 3840 BrUsbSer - ok 13:36:35.0241 3840 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 13:36:35.0273 3840 BTHMODEM - ok 13:36:35.0304 3840 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 13:36:35.0351 3840 bthserv - ok 13:36:35.0429 3840 cbVSCService (ed5411a69c5bac78d245c893af64352a) C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe 13:36:35.0444 3840 cbVSCService ( UnsignedFile.Multi.Generic ) - warning 13:36:35.0444 3840 cbVSCService - detected UnsignedFile.Multi.Generic (1) 13:36:35.0491 3840 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:36:35.0538 3840 cdfs - ok 13:36:35.0569 3840 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 13:36:35.0585 3840 cdrom - ok 13:36:35.0631 3840 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 13:36:35.0678 3840 CertPropSvc - ok 13:36:35.0709 3840 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 13:36:35.0741 3840 circlass - ok 13:36:35.0772 3840 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:36:35.0787 3840 CLFS - ok 13:36:35.0850 3840 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:36:35.0865 3840 clr_optimization_v2.0.50727_32 - ok 13:36:35.0897 3840 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:36:35.0912 3840 clr_optimization_v2.0.50727_64 - ok 13:36:35.0990 3840 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:36:36.0006 3840 
clr_optimization_v4.0.30319_32 - ok 13:36:36.0037 3840 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:36:36.0053 3840 clr_optimization_v4.0.30319_64 - ok 13:36:36.0084 3840 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 13:36:36.0099 3840 CmBatt - ok 13:36:36.0115 3840 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:36:36.0131 3840 cmdide - ok 13:36:36.0193 3840 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 13:36:36.0255 3840 CNG - ok 13:36:36.0271 3840 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 13:36:36.0287 3840 Compbatt - ok 13:36:36.0302 3840 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 13:36:36.0333 3840 CompositeBus - ok 13:36:36.0333 3840 COMSysApp - ok 13:36:36.0349 3840 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 13:36:36.0365 3840 crcdisk - ok 13:36:36.0411 3840 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 13:36:36.0427 3840 CryptSvc - ok 13:36:36.0474 3840 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 13:36:36.0552 3840 DcomLaunch - ok 13:36:36.0567 3840 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 13:36:36.0630 3840 defragsvc - ok 13:36:36.0645 3840 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:36:36.0692 3840 DfsC - ok 13:36:36.0739 3840 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 13:36:36.0786 3840 Dhcp - ok 13:36:36.0817 3840 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:36:36.0879 3840 discache - ok 13:36:36.0895 3840 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 13:36:36.0911 3840 Disk - ok 13:36:36.0957 3840 
Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 13:36:36.0989 3840 Dnscache - ok 13:36:37.0035 3840 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 13:36:37.0082 3840 dot3svc - ok 13:36:37.0113 3840 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 13:36:37.0160 3840 DPS - ok 13:36:37.0191 3840 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:36:37.0223 3840 drmkaud - ok 13:36:37.0269 3840 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:36:37.0301 3840 DXGKrnl - ok 13:36:37.0332 3840 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 13:36:37.0394 3840 EapHost - ok 13:36:37.0519 3840 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 13:36:37.0613 3840 ebdrv - ok 13:36:37.0691 3840 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 13:36:37.0722 3840 EFS - ok 13:36:37.0800 3840 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 13:36:37.0847 3840 ehRecvr - ok 13:36:37.0878 3840 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 13:36:37.0893 3840 ehSched - ok 13:36:37.0971 3840 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 13:36:38.0003 3840 elxstor - ok 13:36:38.0003 3840 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:36:38.0034 3840 ErrDev - ok 13:36:38.0081 3840 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 13:36:38.0143 3840 EventSystem - ok 13:36:38.0159 3840 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:36:38.0221 3840 exfat - ok 13:36:38.0237 3840 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:36:38.0299 3840 fastfat - ok 13:36:38.0346 3840 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 13:36:38.0393 3840 
Fax - ok 13:36:38.0408 3840 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 13:36:38.0424 3840 fdc - ok 13:36:38.0439 3840 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 13:36:38.0486 3840 fdPHost - ok 13:36:38.0502 3840 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 13:36:38.0549 3840 FDResPub - ok 13:36:38.0580 3840 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:36:38.0595 3840 FileInfo - ok 13:36:38.0611 3840 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:36:38.0673 3840 Filetrace - ok 13:36:38.0689 3840 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 13:36:38.0705 3840 flpydisk - ok 13:36:38.0720 3840 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:36:38.0751 3840 FltMgr - ok 13:36:38.0814 3840 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 13:36:38.0861 3840 FontCache - ok 13:36:38.0907 3840 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:36:38.0923 3840 FontCache3.0.0.0 - ok 13:36:38.0954 3840 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:36:38.0970 3840 FsDepends - ok 13:36:39.0001 3840 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 13:36:39.0017 3840 Fs_Rec - ok 13:36:39.0048 3840 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:36:39.0063 3840 fvevol - ok 13:36:39.0079 3840 FXDrv32 - ok 13:36:39.0095 3840 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 13:36:39.0110 3840 gagp30kx - ok 13:36:39.0141 3840 GigasetGenericUSB_x64 (b93252c4c5a3733ecd5522caf88de02d) C:\Windows\system32\DRIVERS\GigasetGenericUSB_x64.sys 13:36:39.0173 3840 GigasetGenericUSB_x64 - ok 
13:36:39.0219 3840 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 13:36:39.0297 3840 gpsvc - ok 13:36:39.0297 3840 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:36:39.0329 3840 hcw85cir - ok 13:36:39.0360 3840 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 13:36:39.0407 3840 HdAudAddService - ok 13:36:39.0422 3840 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 13:36:39.0453 3840 HDAudBus - ok 13:36:39.0469 3840 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 13:36:39.0485 3840 HidBatt - ok 13:36:39.0500 3840 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 13:36:39.0531 3840 HidBth - ok 13:36:39.0563 3840 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 13:36:39.0578 3840 HidIr - ok 13:36:39.0594 3840 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 13:36:39.0641 3840 hidserv - ok 13:36:39.0656 3840 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 13:36:39.0687 3840 HidUsb - ok 13:36:39.0703 3840 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 13:36:39.0750 3840 hkmsvc - ok 13:36:39.0781 3840 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 13:36:39.0812 3840 HomeGroupListener - ok 13:36:39.0843 3840 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 13:36:39.0875 3840 HomeGroupProvider - ok 13:36:39.0906 3840 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 13:36:39.0921 3840 HpSAMD - ok 13:36:39.0937 3840 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys 13:36:39.0968 3840 HTCAND64 ( UnsignedFile.Multi.Generic ) - warning 13:36:39.0968 3840 HTCAND64 - detected UnsignedFile.Multi.Generic (1) 13:36:40.0015 
3840 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 13:36:40.0093 3840 HTTP - ok 13:36:40.0093 3840 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 13:36:40.0109 3840 hwpolicy - ok 13:36:40.0140 3840 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 13:36:40.0155 3840 i8042prt - ok 13:36:40.0202 3840 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 13:36:40.0218 3840 iaStorV - ok 13:36:40.0311 3840 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:36:40.0343 3840 idsvc - ok 13:36:40.0421 3840 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE 13:36:40.0452 3840 IGDCTRL - ok 13:36:40.0873 3840 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys 13:36:41.0169 3840 igfx - ok 13:36:41.0263 3840 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 13:36:41.0279 3840 iirsp - ok 13:36:41.0325 3840 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 13:36:41.0403 3840 IKEEXT - ok 13:36:41.0528 3840 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys 13:36:41.0591 3840 IntcAzAudAddService - ok 13:36:41.0669 3840 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 13:36:41.0684 3840 intelide - ok 13:36:41.0700 3840 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:36:41.0731 3840 intelppm - ok 13:36:41.0762 3840 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 13:36:41.0825 3840 IPBusEnum - ok 13:36:41.0840 3840 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:36:41.0887 3840 IpFilterDriver - ok 13:36:41.0934 3840 iphlpsvc (a34a587fffd45fa649fba6d03784d257) 
13:37:01.0512 3840 ============================================================
13:37:01.0512 3840 Scan finished
13:37:01.0512 3840 ============================================================
13:37:01.0527 2020 Detected object count: 2
13:37:01.0527 2020 Actual detected object count: 2
13:38:30.0182 2020 cbVSCService ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:30.0182 2020 cbVSCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:38:30.0182 2020 HTCAND64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:38:30.0182 2020 HTCAND64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:42:13.0570 2672 Deinitialize success |