
Log Analysis and Evaluation: fake processes, SSH network traffic, no findings except unknown MBR


03.03.2013, 01:55   #1
hinundher
 
Hello first of all,
and a big thank-you to everyone who takes the trouble to wade through my problem.

For some time now, Google has (sometimes) been showing me a captcha instead of search results because my traffic is apparently suspicious. After entering the captcha I do get my search results, but the presumed malware then probably carries on just as undisturbed as I do: all the scans I ran afterwards came back with no findings: MS Essentials, Avira, McAfee Stinger.

Annoyed by yet another captcha, a look at my router yesterday (NAT Active Sessions Table) turned up something like this (an example; it changes constantly):
Code:
     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50225        29006     89.1.11.151   443     3  3   

oder

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 50371          847  173.194.69.101    80     3  6     
   192.168.1.50 50373         1359  173.194.69.100    80     3  6     
   192.168.1.50 50375         1871  173.194.69.102    80     3  6     
   192.168.1.50 50377         2383  173.194.69.139    80     3  6    

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50641         4428  173.194.69.113    80     3  6     
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3   

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50759        34636  173.194.69.155    80     3  6     
   192.168.1.50 50771        37708  173.194.69.102    80     3  6     
   192.168.1.50 50781        40268    85.13.130.30    80     3  6     
   192.168.1.50 50783        40780    85.13.130.30    80     3  6     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50953        18765  173.194.69.103   443     3  6     
   192.168.1.50 50959        20301   173.194.69.94   443     3  6     
   192.168.1.50 50961        20813   173.194.69.94   443     3  6     
   192.168.1.50 50962        21069  173.194.69.120   443     3  6     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 51394          591  173.194.69.113    80     3  6     
   192.168.1.50 51402         2639  173.194.69.113    80     3  3     
   192.168.1.50 51438        11855    85.13.130.30    80     3  3     
   192.168.1.50 51448        14415  173.194.69.156    80     3  6  

     Private IP :Port #Pseudo Port         Peer IP :Port  Ifno  Status   
-------------------------------------------------------------------------------
   192.168.1.50 50646         5708     89.1.11.151   443     3  3     
   192.168.1.50 50225        29006     89.1.11.151   443     3  3     
   192.168.1.50 51605        54607   173.194.69.99   443     3  6     
   192.168.1.50 51607        55119   173.194.69.94   443     3  6     
   192.168.1.50 51608        55375  173.194.69.120   443     3  6     
   192.168.1.50 51624        59471   173.194.69.94    80     3  6     
   192.168.1.50 51632        61519   23.43.116.211    80     3  6     
   192.168.1.50 51640        63567    23.43.118.41    80     3  6     
   192.168.1.50 51642        64079    23.43.118.41    80     3  6     
   192.168.1.50 51644        64591    23.43.118.41    80     3  6     
   192.168.1.50 51646        65103    23.43.118.41    80     3  6     
   192.168.1.50 51648           84    23.43.118.41    80     3  6     
   192.168.1.50 51650          596    23.43.118.41    80     3  6     
   192.168.1.50 51652         1108    23.43.118.41    80     3  6     
   192.168.1.50 51654         1620    23.43.118.41    80     3  6     
   192.168.1.50 51656         2132    23.43.118.41    80     3  6     
   192.168.1.50 51658         2644    23.43.118.41    80     3  6     
   192.168.1.50 51660         3156    23.43.118.41    80     3  6     
   192.168.1.50 51662         3668    23.43.118.41    80     3  6     
   192.168.1.50 51664         4180    23.43.118.41    80     3  6     
   192.168.1.50 51666         4692    23.43.118.41    80     3  6     
   192.168.1.50 51668         5204    23.43.118.41    80     3  6     
   192.168.1.50 51670         5716    23.43.118.41    80     3  6     
   192.168.1.50 51676         7252    23.43.118.41    80     3  6     
   192.168.1.50 51678         7764    23.43.118.41    80     3  6     
   192.168.1.50 51680         8276    23.43.118.41    80     3  6     
   192.168.1.50 51682         8788    23.43.118.41    80     3  6     
   192.168.1.50 51684         9300    23.43.118.41    80     3  6     
   192.168.1.50 51686         9812    85.13.130.30    80     3  2     
   192.168.1.50 51688        10324   173.194.69.95    80     3  6     
   192.168.1.50 51690        10836   173.194.69.95    80     3  6     
   192.168.1.50 51692        11348    85.13.130.30    80     3  2     
   192.168.1.50 51694        11860    85.13.130.30    80     3  6     
   192.168.1.50 51696        12372  173.194.69.156    80     3  6     
   192.168.1.50 51698        12884    85.13.130.30    80     3  6     
   192.168.1.50 51700        13396    85.13.130.30    80     3  6     
   192.168.1.50 51702        13908    85.13.130.30    80     3  6     
   192.168.1.50 51708        15444   50.19.254.195    80     3  4
         
Even though I (deliberately) have no software/internet connections running at all! Nothing is open except Firefox pointed at the router.

In addition, my router (only at night!) regularly hangs once and no longer detects any signal, meaning the ADSL Spectrum Analysis (a menu item in the Vigor) shows only black instead of green bars; I cannot interpret the display (BIN-bits/Gain/SNR). Without a cold restart of the router, no internet gets through any more.

Since I found the traffic extremely suspicious, I wanted to block all SSH connections in general via the router's firewall settings, so that I could deal with the computer without anyone/anything interfering. After I thought I had successfully entered the rules (they were displayed, and I was in the middle of checking that I could no longer reach my external email mailbox), the default Call Filters were deleted! The Data Filters I had just set up were deactivated!

On the spur of the moment (more like in a panic) I reinstalled my computer from the recovery partition (I had already given the router a new password without an active internet connection), but I immediately had active sessions again. An IP that clearly belongs to Barclaycard has not appeared since. The list of connections has also become noticeably shorter. I have not observed any non-TCP connections since then either.

Neither Windows Essentials nor Avira ever raised an alarm, and they were always fully up to date, as were Firefox, Adobe's Flash, their Reader and Oracle's Java, so I thought I had the biggest entry points closed.

Task Manager shows processes without user/description, and some of them twice:
  • csrss.exe (twice)
  • nvvsvc.exe
  • winlogon.exe
  • wisptis.exe (twice)
Even Microsoft's Sysinternals process viewer does not recognise these properly.

Malwarebytes had detected Rogue.ControlCenter (which I most likely originally got force-fed via the PDF Creator from chip-online). Even after the recovery just now, pure Windows in factory state without any further installation, Rogue was immediately back on.

Code:
 Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [administrator]

Protection: Enabled

02.03.2013 22:19:24
MBAM-log-2013-03-02 (22-27-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.

(end)

---

 Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.12

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Hildebrandt :: Acon [administrator]

Protection: Enabled

02.03.2013 22:19:24
mbam-log-2013-03-02 (22-19-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195339
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Public\Desktop\Control Center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.

(end)
         
Downloaded Defogger: finished

Ran OldTimer:

OTL Logfile:
Code:
OTL logfile created on: 02.03.2013 22:45:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2013.03.02 22:17:05 | 000,304,464 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuard.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.06.18 09:34:14 | 000,099,664 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2009.04.06 11:33:14 | 000,061,952 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2009.04.06 11:33:08 | 000,380,928 | ---- | M] () -- C:\Programme\BullGuard Ltd\BullGuard\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.03.02 22:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 22:41:34 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 22:38:51 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 22:38:51 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 22:38:51 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 22:38:51 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 22:31:37 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.02 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.03.2013 22:45:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,14% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,99 Gb Free Space | 97,84% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45F5358D-58AD-4E2F-8A9C-A3E2599D82DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{58497DDA-AE32-45D0-BD11-BA8BD7BBF700}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E82D9F-40B5-4D10-BB8C-562A0C754137}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{16B68B53-0307-49A8-8ADE-6A7B014C411E}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{3FAAF35C-AA05-48D9-8079-48A42DCEBBCF}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | 
"{41451582-CF6B-4D01-847B-1C40EE851168}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | 
"{4219C811-AF72-4F2D-BCAF-75817A92F588}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | 
"{5E533F78-0E51-4D4A-A69D-0930EBF1B77D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{69801E10-B0C6-4BA5-B187-3FA83EA23831}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | 
"{7230ADDB-FE58-4D7F-B50E-B8DA28F17FAA}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | 
"{76CCB166-4C34-4395-81FD-E244C9262695}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{89CADAE9-2679-41F1-8C78-C912481E1BE9}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{9112CBE4-20CF-42B8-875B-F6451B5D4E3D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{ACA53645-D65A-402A-8C62-3AECCC229810}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BDED4097-A2EC-41B9-BC6F-F2935633644C}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{C27AB3D2-CB54-4569-B2FC-F5C817CA6297}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D24DDF98-7CBD-4590-9952-F2B398E89AB4}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | 
"{E6FCF82F-3281-400E-80BF-C04E4303D9A6}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{EA510B3E-6A62-4367-8F70-8FA807D5A5C6}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"BullGuard" = BullGuard 8.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 17:07:51 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
 <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.
.
 
Error - 02.03.2013 17:32:16 | Computer Name = Acon | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
 <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.
.
 
[ System Events ]
Error - 02.03.2013 16:18:58 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = The "BullGuard File Scan Service" service hung on starting.
 
Error - 02.03.2013 16:19:00 | Computer Name = WIN-L8H6EQD96SM | Source = Service Control Manager | ID = 7022
Description = The "BullGuard Email Monitoring Service" service hung on starting.
 
Error - 02.03.2013 16:56:00 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = The "BullGuard File Scan Service" service hung on starting.
 
Error - 02.03.2013 16:56:02 | Computer Name = Acon | Source = Service Control Manager | ID = 7022
Description = The "BullGuard Email Monitoring Service" service hung on starting.
 
 
< End of report >
         
--- --- ---


Gmer
At startup the very first line already puzzled me: device\harddisk0\DR0 unknown MBR code ... shortly afterwards came a blue screen: IRQL_NOT_LESS_OR_EQUAL ... but the memory dump was written faster than I could read it.

After the forced restart I ran GMER again

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-02 23:07:04
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                  83058579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           8307CF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           BdFileSpy.sys (BullGuard File Monitor (x86)/BullGuard Ltd.)

Device          \Driver\BTHUSB \Device\00000093                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000093                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000095                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000095                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BsFileScan\Statistics@UiTotalScans                        7666
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6003335                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6003335 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60bb8b2 (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         


I then ran OTL again, but with a full scan instead of a quick scan:
OTL Logfile:
Code:
OTL logfile created on: 02.03.2013 23:37:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hildebrandt\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free
5,99 Gb Paging File | 4,62 Gb Available in Paging File | 77,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 880,54 Gb Free Space | 97,79% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,50 Gb Free Space | 61,66% Space Free | Partition Type: NTFS
 
Computer Name: ACON | User Name: Hildebrandt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
PRC - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.29 18:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.07.01 18:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.02 22:17:07 | 000,308,560 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BgLiveSvc)
SRV - [2013.03.02 22:17:05 | 000,079,184 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010.01.08 14:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.16 13:20:18 | 000,087,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2009.04.06 11:32:54 | 000,132,432 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HILDEB~1\AppData\Local\Temp\fgldrpog.sys -- (fgldrpog)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 13:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.16 10:14:14 | 000,991,776 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.03 11:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.13 13:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.01.23 14:48:56 | 000,055,504 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {AE9E4319-3461-420B-A361-7E84A055E257}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AE9E4319-3461-420B-A361-7E84A055E257}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.01.08 11:06:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.02 22:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.03.02 22:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hildebrandt\AppData\Roaming\mozilla\Extensions
[2013.03.02 22:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92769A46-3929-47A2-B76D-CCF55D949C5B}: DhcpNameServer = 10.41.20.10 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01B1037-EBDE-4812-918C-42D7B7594353}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 23:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.03.02 23:00:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.02 22:44:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Malwarebytes
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.02 22:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.02 22:17:29 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.02 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.02 22:17:14 | 000,087,376 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:17:12 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Programs
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Mozilla
[2013.03.02 22:14:17 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Mozilla
[2013.03.02 22:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 22:12:41 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013.03.02 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Macromedia
[2013.03.02 22:11:08 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Adobe
[2013.03.02 22:08:39 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.02 22:08:39 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.02 22:08:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.02 22:08:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.02 22:08:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.02 22:08:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.02 22:08:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Broadcom
[2013.03.02 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\Documents\Bluetooth-Exchange-Ordner
[2013.03.02 21:57:05 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\BullGuard
[2013.03.02 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Power2Go
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Searches
[2013.03.02 21:56:56 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.02 21:56:49 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Identities
[2013.03.02 21:56:48 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Contacts
[2013.03.02 21:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.02 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\VirtualStore
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Vorlagen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Verlauf
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Temporary Internet Files
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Startmenü
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\SendTo
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Recent
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Netzwerkumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Lokale Einstellungen
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Videos
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Musik
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Eigene Dateien
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Documents\Eigene Bilder
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Druckumgebung
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Cookies
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\AppData\Local\Anwendungsdaten
[2013.03.02 21:56:26 | 000,000,000 | -HSD | C] -- C:\Users\Hildebrandt\Anwendungsdaten
[2013.03.02 21:56:24 | 000,000,000 | --SD | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Videos
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Saved Games
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Pictures
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Music
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Links
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Favorites
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Downloads
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Documents
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\Desktop
[2013.03.02 21:56:24 | 000,000,000 | R--D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.02 21:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Hildebrandt\AppData
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Temp
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Local\Microsoft
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Media Center Programs
[2013.03.02 21:56:24 | 000,000,000 | ---D | C] -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.02 21:56:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.02 21:56:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:07:37 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 23:04:34 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 23:04:34 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 23:04:34 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 23:04:34 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 23:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 23:00:12 | 370,732,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.02 23:00:07 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 22:55:03 | 000,377,856 | ---- | M] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hildebrandt\Desktop\OTL.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | M] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:17:14 | 000,087,376 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2013.03.02 22:17:14 | 000,014,160 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\client_cc.dll
[2013.03.02 22:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:55:11 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.02 23:00:12 | 370,732,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.02 22:55:01 | 000,377,856 | ---- | C] () -- C:\Users\Hildebrandt\Desktop\gmer_2.1.19115.exe
[2013.03.02 22:43:00 | 000,000,000 | ---- | C] () -- C:\Users\Hildebrandt\defogger_reenable
[2013.03.02 22:17:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.02 22:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.02 21:56:58 | 000,001,417 | ---- | C] () -- C:\Users\Hildebrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.02 21:16:59 | 2414,432,256 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Finally I also ran ESET Smart Security: no findings.

Long story short, I can congratulate myself: I'm successfully infected, I have a zombie, and no scanner finds anything!
At least nothing concrete, apart from my boot sector being bent out of shape.

But without any clue as to what I'm dealing with here, I don't really feel like just running some tool over it, and perhaps there is someone who finds this kind of thing interesting.

Any help and any further hint is gratefully accepted.
onwards and upwards

Last edited by hinundher (03.03.2013 at 02:24)

Old 04.03.2013, 10:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

Quote:
At least nothing concrete, apart from my boot sector being bent out of shape.
An unknown MBR does not necessarily mean that it is also bent out of shape or malicious.
Which problems are now concretely still open after the recovery?

Also, I don't see any SSH connections in your first log; I only see http and https connections there.

Quote:
The Task Manager shows processes without user/description, and some of them twice:
That is completely normal.

Old 05.03.2013, 14:58   #3
hinundher
 
thanks for the reply,
in my uncertainty I also mixed up ssl and https, sorry. //panic mode off
Something seems to have been there, or possibly still is, because even after the recovery Malwarebytes kept popping up from the taskbar with a notification balloon saying it was blocking a connection, although I myself wasn't actively doing anything on the computer.
Sophos didn't find anything either, and Kaspersky couldn't even be installed; instead the computer kept rebooting.
After another recovery I am currently setting the computer up piece by piece. Router activity is being logged to syslog, and MalwareBytes will go back on right away. The patient will then be under observation.
The constant captcha prompts from Google are very irritating, but they may well also come from the fact that I switch my router off regularly, and then get an IP on which suspicious traffic was previously running.

Old 05.03.2013, 15:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista or higher, please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post logfiles in CODE tags
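A defender's follow-up to an "unknown MBR code" report like the one this thread is about, added here as an example that is not part of the original posts and not code from aswMBR or TDSSKiller: take the 512-byte MBR image a tool such as aswMBR dumps (it writes MBR.dat next to its log), verify the 0x55AA boot signature, decode the four partition entries, flag overlapping or multiply-bootable entries, compare the layout with the start LBA / block counts the scanner printed, and hash the boot code so it can be compared with a known-good copy taken from a clean install of the same Windows version. The MBR image used below is constructed: a placeholder boot code and the partition layout from the TDSSKiller and aswMBR output in this thread; the size of the fourth (Compaq diag) partition is an assumption derived from the "1025 MB" aswMBR prints, and the baseline hash is a value you have to supply from your own reference machine.

```python
"""Sanity-check a 512-byte MBR image after a scanner reports "unknown MBR code".
Added example; not code from aswMBR, TDSSKiller or the thread's participants."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PART_TABLE_OFFSET = 446        # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
# status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_partition_entry(entry):
    """Decode one 16-byte partition entry into a dict."""
    status, ptype, start_lba, sectors = struct.unpack(ENTRY_FMT, entry)
    return {"bootable": status == 0x80, "type": ptype,
            "start_lba": start_lba, "sectors": sectors}


def parse_mbr(image):
    """Return signature status, boot code hash, the non-empty partitions and a
    list of warnings about the consistency of the partition table."""
    if len(image) != SECTOR_SIZE:
        raise ValueError("MBR image must be exactly 512 bytes")
    result = {
        "signature_ok": image[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [],
        "warnings": [],
    }
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        part = parse_partition_entry(image[off:off + PART_ENTRY_LEN])
        if part["type"] == 0 and part["sectors"] == 0:
            continue                       # empty slot
        part["index"] = i + 1
        result["partitions"].append(part)
    if not result["signature_ok"]:
        result["warnings"].append("boot signature 0x55AA missing")
    bootable = [p for p in result["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        result["warnings"].append(
            f"{len(bootable)} partitions flagged bootable (expected 1)")
    # Overlapping entries are a classic sign of a tampered table.
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"])
                   for p in result["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            result["warnings"].append(f"partition {i1} overlaps partition {i2}")
    return result


def compare_layout(parsed, reported):
    """Return the (start_lba, sectors) pairs a scanner reported that are not in
    the image, so a hidden or altered entry stands out."""
    found = {(p["start_lba"], p["sectors"]) for p in parsed["partitions"]}
    return sorted(set(reported) - found)


def bootcode_matches(parsed, baseline_sha256):
    """Compare the boot code hash with a known-good baseline from a clean install
    of the same Windows version; None when no baseline is available."""
    if baseline_sha256 is None:
        return None
    return parsed["bootcode_sha256"] == baseline_sha256


def build_sample_mbr(layout, bootcode, signature=BOOT_SIGNATURE):
    """Construct a 512-byte MBR image for testing (not a real disk dump)."""
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if p["bootable"] else 0x00,
                    p["type"], p["start_lba"], p["sectors"]) for p in layout)
    return (bootcode[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
            + table.ljust(64, b"\x00") + signature)


# Constructed sample: placeholder boot code (jmp $ plus NOP padding, not a real
# loader) and the Harddisk0 layout the thread's TDSSKiller/aswMBR logs report.
SAMPLE_BOOTCODE = b"\xeb\xfe" + b"\x90" * 444
SAMPLE_LAYOUT = [
    {"bootable": True,  "type": 0x07, "start_lba": 0x800,      "sectors": 0x32000},
    {"bootable": False, "type": 0x07, "start_lba": 0x32800,    "sectors": 0x708D2800},
    {"bootable": False, "type": 0x07, "start_lba": 0x70905800, "sectors": 0x3C00000},
    # Compaq diag partition: sector count assumed from aswMBR's "1025 MB"
    {"bootable": False, "type": 0x12, "start_lba": 1951422464, "sectors": 2099200},
]
# (StartLBA, BlocksNum) pairs exactly as TDSSKiller printed them for Harddisk0.
REPORTED_BY_TDSSKILLER = [(0x800, 0x32000), (0x32800, 0x708D2800),
                          (0x70905800, 0x3C00000)]

if __name__ == "__main__":
    image = build_sample_mbr(SAMPLE_LAYOUT, SAMPLE_BOOTCODE)
    report = parse_mbr(image)
    print("signature ok:", report["signature_ok"])
    print("boot code sha256:", report["bootcode_sha256"])
    for p in report["partitions"]:
        print(f"  #{p['index']} type 0x{p['type']:02X} start {p['start_lba']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
    print("warnings:", report["warnings"] or "none")
    print("reported but not in image:",
          compare_layout(report, REPORTED_BY_TDSSKILLER) or "none")
```

Run it against a real dump by replacing the constructed image with `open("MBR.dat", "rb").read()`. A clean signature, a consistent table and a boot code hash equal to the baseline from a known-good machine is what settles the "unknown MBR" question; "unknown" on its own only says the scanner has no fingerprint for that boot code.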

Old 05.03.2013, 17:18   #5
hinundher
 
As threatened, installed MalwareBytes, quick scan: Rogue.ControlCenter found.
However, as described (http://www.trojaner-board.de/80623-c...entfernen.html), I find no evidence, neither as a file nor in the registry, of the existence of
  • agent.exe
  • cc.exe
  • ccagent.exe
On the desktop I have a 'Control Center' link with the target C:\Windows\GodMode.{ED7...}, which apparently triggers the warning every time.
---
aswMBR only complains about the MS Antimalware signature
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-05 15:48:26
-----------------------------
15:48:26.832    OS Version: Windows 6.1.7601 Service Pack 1
15:48:26.832    Number of processors: 2 586 0x170A
15:48:26.832    ComputerName: ACON  UserName: 
15:48:29.406    Initialize success
15:50:34.311    AVAST engine defs: 13030500
15:50:56.510    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:50:56.510    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
15:50:56.541    Disk 0 MBR read successfully
15:50:56.541    Disk 0 MBR scan
15:50:56.572    Disk 0 unknown MBR code
15:50:56.572    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:50:56.635    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       922021 MB offset 206848
15:50:56.682    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 1888507904
15:50:56.744    Disk 0 Partition 4 00     12  Compaq diag NTFS         1025 MB offset 1951422464
15:50:56.775    Disk 0 scanning sectors +1953521664
15:50:56.884    Disk 0 scanning C:\Windows\system32\drivers
15:51:13.452    Service scanning
15:51:24.808    Service MpKsl9113f8e8 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE5E4C56-E308-4425-AF88-B418B7D87C3A}\MpKsl9113f8e8.sys **LOCKED** 32
15:51:41.969    Modules scanning
15:51:49.020    Disk 0 trace - called modules:
15:51:49.051    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
15:51:49.067    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8819b030]
15:51:49.067    3 CLASSPNP.SYS[8b9a959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859a0028]
15:51:52.296    AVAST engine scan C:\Windows
15:52:02.342    AVAST engine scan C:\Windows\system32
15:57:36.678    AVAST engine scan C:\Windows\system32\drivers
15:58:31.090    AVAST engine scan C:\Users\Admin
16:00:01.524    AVAST engine scan C:\ProgramData
16:00:48.215    Scan finished successfully
16:02:37.867    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
16:02:37.883    The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
         
TDSS-Killer flags 4 suspicious objects:
  • genport
  • RemoteKeySrv
  • RichVideo
  • x10nets
Which probably belongs to the remote control, or is some Cyberlink stuff, and apparently comes along somewhat sloppy and uncertified.

Code:
16:05:00.0665 2344  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:05:00.0836 2344  ============================================================
16:05:00.0836 2344  Current date / time: 2013/03/05 16:05:00.0836
16:05:00.0836 2344  SystemInfo:
16:05:00.0836 2344  
16:05:00.0836 2344  OS Version: 6.1.7601 ServicePack: 1.0
16:05:00.0836 2344  Product type: Workstation
16:05:00.0836 2344  ComputerName: ACON
16:05:00.0836 2344  UserName: Admin
16:05:00.0836 2344  Windows directory: C:\Windows
16:05:00.0836 2344  System windows directory: C:\Windows
16:05:00.0836 2344  Processor architecture: Intel x86
16:05:00.0836 2344  Number of processors: 2
16:05:00.0836 2344  Page size: 0x1000
16:05:00.0836 2344  Boot type: Normal boot
16:05:00.0836 2344  ============================================================
16:05:01.0804 2344  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:05:01.0835 2344  Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:05:01.0835 2344  ============================================================
16:05:01.0835 2344  \Device\Harddisk0\DR0:
16:05:01.0835 2344  MBR partitions:
16:05:01.0835 2344  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:05:01.0835 2344  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x708D2800
16:05:01.0835 2344  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70905800, BlocksNum 0x3C00000
16:05:01.0835 2344  \Device\Harddisk1\DR1:
16:05:01.0835 2344  MBR partitions:
16:05:01.0835 2344  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x28, BlocksNum 0x777FD7
16:05:01.0835 2344  ============================================================
16:05:01.0850 2344  C: <-> \Device\Harddisk0\DR0\Partition2
16:05:01.0897 2344  D: <-> \Device\Harddisk0\DR0\Partition3
16:05:01.0897 2344  ============================================================
16:05:01.0897 2344  Initialize success
16:05:01.0897 2344  ============================================================
16:05:17.0232 1188  ============================================================
16:05:17.0232 1188  Scan started
16:05:17.0232 1188  Mode: Manual; SigCheck; TDLFS; 
16:05:17.0232 1188  ============================================================
16:05:17.0497 1188  ================ Scan system memory ========================
16:05:17.0497 1188  System memory - ok
16:05:17.0497 1188  ================ Scan services =============================
16:05:17.0638 1188  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:05:17.0731 1188  1394ohci - ok
16:05:17.0762 1188  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:05:17.0778 1188  ACPI - ok
16:05:17.0794 1188  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:05:17.0825 1188  AcpiPmi - ok
16:05:17.0887 1188  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:05:17.0903 1188  adp94xx - ok
16:05:17.0934 1188  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:05:17.0950 1188  adpahci - ok
16:05:17.0965 1188  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:05:17.0981 1188  adpu320 - ok
16:05:18.0012 1188  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:05:18.0028 1188  AeLookupSvc - ok
16:05:18.0090 1188  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:05:18.0121 1188  AFD - ok
16:05:18.0152 1188  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:05:18.0152 1188  agp440 - ok
16:05:18.0184 1188  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:05:18.0199 1188  aic78xx - ok
16:05:18.0230 1188  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:05:18.0246 1188  ALG - ok
16:05:18.0262 1188  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:05:18.0277 1188  aliide - ok
16:05:18.0277 1188  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:05:18.0293 1188  amdagp - ok
16:05:18.0355 1188  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:05:18.0371 1188  amdide - ok
16:05:18.0449 1188  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:05:18.0496 1188  AmdK8 - ok
16:05:18.0511 1188  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:05:18.0542 1188  AmdPPM - ok
16:05:18.0558 1188  [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:05:18.0574 1188  amdsata - ok
16:05:18.0589 1188  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:05:18.0605 1188  amdsbs - ok
16:05:18.0620 1188  [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:05:18.0620 1188  amdxata - ok
16:05:18.0667 1188  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:05:18.0683 1188  AppID - ok
16:05:18.0714 1188  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:05:18.0745 1188  AppIDSvc - ok
16:05:18.0808 1188  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:05:18.0854 1188  Appinfo - ok
16:05:18.0886 1188  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:05:18.0901 1188  arc - ok
16:05:18.0901 1188  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:05:18.0917 1188  arcsas - ok
16:05:18.0948 1188  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:05:18.0979 1188  AsyncMac - ok
16:05:18.0995 1188  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:05:19.0010 1188  atapi - ok
16:05:19.0057 1188  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:05:19.0088 1188  AudioEndpointBuilder - ok
16:05:19.0088 1188  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:05:19.0120 1188  Audiosrv - ok
16:05:19.0166 1188  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:05:19.0244 1188  AxInstSV - ok
16:05:19.0276 1188  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:05:19.0307 1188  b06bdrv - ok
16:05:19.0322 1188  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:05:19.0354 1188  b57nd60x - ok
16:05:19.0385 1188  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:05:19.0416 1188  BDESVC - ok
16:05:19.0416 1188  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:05:19.0447 1188  Beep - ok
16:05:19.0478 1188  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:05:19.0541 1188  BFE - ok
16:05:19.0603 1188  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:05:19.0650 1188  BITS - ok
16:05:19.0666 1188  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:05:19.0681 1188  blbdrive - ok
16:05:19.0712 1188  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:05:19.0759 1188  bowser - ok
16:05:19.0759 1188  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:05:19.0806 1188  BrFiltLo - ok
16:05:19.0822 1188  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:05:19.0853 1188  BrFiltUp - ok
16:05:19.0868 1188  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:05:19.0915 1188  Browser - ok
16:05:19.0946 1188  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:05:19.0978 1188  Brserid - ok
16:05:19.0993 1188  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:05:20.0009 1188  BrSerWdm - ok
16:05:20.0024 1188  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:05:20.0056 1188  BrUsbMdm - ok
16:05:20.0087 1188  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:05:20.0118 1188  BrUsbSer - ok
16:05:20.0165 1188  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:05:20.0212 1188  BthEnum - ok
16:05:20.0227 1188  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:05:20.0243 1188  BTHMODEM - ok
16:05:20.0274 1188  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:05:20.0290 1188  BthPan - ok
16:05:20.0321 1188  [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:05:20.0336 1188  BTHPORT - ok
16:05:20.0368 1188  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:05:20.0399 1188  bthserv - ok
16:05:20.0414 1188  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:05:20.0430 1188  BTHUSB - ok
16:05:20.0461 1188  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
16:05:20.0477 1188  btusbflt - ok
16:05:20.0508 1188  [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:05:20.0524 1188  btwaudio - ok
16:05:20.0539 1188  [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
16:05:20.0555 1188  btwavdt - ok
16:05:20.0633 1188  [ F7434401AE320BB97903A3C1865242FB ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:05:20.0664 1188  btwdins - ok
16:05:20.0664 1188  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:05:20.0680 1188  btwl2cap - ok
16:05:20.0695 1188  [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:05:20.0695 1188  btwrchid - ok
16:05:20.0711 1188  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:05:20.0742 1188  cdfs - ok
16:05:20.0789 1188  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:05:20.0804 1188  cdrom - ok
16:05:20.0851 1188  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:05:20.0898 1188  CertPropSvc - ok
16:05:20.0914 1188  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:05:20.0929 1188  circlass - ok
16:05:20.0945 1188  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:05:20.0960 1188  CLFS - ok
16:05:21.0007 1188  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:21.0023 1188  clr_optimization_v2.0.50727_32 - ok
16:05:21.0038 1188  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:05:21.0054 1188  CmBatt - ok
16:05:21.0070 1188  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:05:21.0070 1188  cmdide - ok
16:05:21.0101 1188  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:05:21.0116 1188  CNG - ok
16:05:21.0148 1188  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:05:21.0163 1188  Compbatt - ok
16:05:21.0194 1188  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:05:21.0210 1188  CompositeBus - ok
16:05:21.0210 1188  COMSysApp - ok
16:05:21.0241 1188  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:05:21.0257 1188  crcdisk - ok
16:05:21.0288 1188  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:05:21.0335 1188  CryptSvc - ok
16:05:21.0397 1188  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:05:21.0444 1188  DcomLaunch - ok
16:05:21.0460 1188  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:05:21.0491 1188  defragsvc - ok
16:05:21.0538 1188  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:05:21.0569 1188  DfsC - ok
16:05:21.0616 1188  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:05:21.0647 1188  Dhcp - ok
16:05:21.0647 1188  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:05:21.0678 1188  discache - ok
16:05:21.0694 1188  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:05:21.0694 1188  Disk - ok
16:05:21.0740 1188  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:05:21.0772 1188  Dnscache - ok
16:05:21.0787 1188  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:05:21.0834 1188  dot3svc - ok
16:05:21.0881 1188  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:05:21.0912 1188  DPS - ok
16:05:21.0928 1188  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:05:21.0943 1188  drmkaud - ok
16:05:21.0990 1188  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:05:22.0021 1188  DXGKrnl - ok
16:05:22.0037 1188  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:05:22.0068 1188  EapHost - ok
16:05:22.0146 1188  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:05:22.0255 1188  ebdrv - ok
16:05:22.0302 1188  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:05:22.0364 1188  EFS - ok
16:05:22.0411 1188  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:05:22.0458 1188  ehRecvr - ok
16:05:22.0489 1188  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:05:22.0536 1188  ehSched - ok
16:05:22.0567 1188  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:05:22.0583 1188  elxstor - ok
16:05:22.0614 1188  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:05:22.0614 1188  ErrDev - ok
16:05:22.0645 1188  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:05:22.0676 1188  EventSystem - ok
16:05:22.0692 1188  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:05:22.0723 1188  exfat - ok
16:05:22.0739 1188  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:05:22.0770 1188  fastfat - ok
16:05:22.0817 1188  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:05:22.0864 1188  Fax - ok
16:05:22.0879 1188  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:05:22.0895 1188  fdc - ok
16:05:22.0910 1188  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:05:22.0926 1188  fdPHost - ok
16:05:22.0957 1188  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:05:22.0973 1188  FDResPub - ok
16:05:22.0988 1188  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:05:23.0004 1188  FileInfo - ok
16:05:23.0004 1188  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:05:23.0035 1188  Filetrace - ok
16:05:23.0066 1188  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:05:23.0082 1188  flpydisk - ok
16:05:23.0082 1188  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:05:23.0098 1188  FltMgr - ok
16:05:23.0144 1188  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
16:05:23.0176 1188  FontCache - ok
16:05:23.0238 1188  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:05:23.0254 1188  FontCache3.0.0.0 - ok
16:05:23.0269 1188  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:05:23.0285 1188  FsDepends - ok
16:05:23.0300 1188  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:05:23.0316 1188  Fs_Rec - ok
16:05:23.0347 1188  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:05:23.0363 1188  fvevol - ok
16:05:23.0378 1188  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:05:23.0394 1188  gagp30kx - ok
16:05:23.0441 1188  [ C1049F3D658F33D0D64CC48B0DCCCF08 ] genport         C:\Program Files\RemoteKeySrv\GenPort.sys
16:05:23.0456 1188  genport ( UnsignedFile.Multi.Generic ) - warning
16:05:23.0456 1188  genport - detected UnsignedFile.Multi.Generic (1)
16:05:23.0488 1188  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:05:23.0566 1188  gpsvc - ok
16:05:23.0597 1188  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:05:23.0612 1188  hcw85cir - ok
16:05:23.0659 1188  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:05:23.0706 1188  HdAudAddService - ok
16:05:23.0737 1188  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:05:23.0753 1188  HDAudBus - ok
16:05:23.0768 1188  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:05:23.0784 1188  HidBatt - ok
16:05:23.0800 1188  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:05:23.0831 1188  HidBth - ok
16:05:23.0831 1188  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:05:23.0846 1188  HidIr - ok
16:05:23.0878 1188  [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
16:05:23.0893 1188  hidkmdf - ok
16:05:23.0909 1188  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:05:23.0940 1188  hidserv - ok
16:05:23.0956 1188  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:05:23.0971 1188  HidUsb - ok
16:05:24.0002 1188  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:05:24.0049 1188  hkmsvc - ok
16:05:24.0096 1188  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:05:24.0127 1188  HomeGroupListener - ok
16:05:24.0158 1188  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:05:24.0205 1188  HomeGroupProvider - ok
16:05:24.0205 1188  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:05:24.0221 1188  HpSAMD - ok
16:05:24.0283 1188  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:05:24.0314 1188  HTTP - ok
16:05:24.0330 1188  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:05:24.0346 1188  hwpolicy - ok
16:05:24.0377 1188  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:05:24.0392 1188  i8042prt - ok
16:05:24.0424 1188  [ 5A6C5876FB84418D08D67B8CAED5EFCF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:05:24.0439 1188  iaStor - ok
16:05:24.0502 1188  [ DE9560E9703BFE1BD08014A406BE0033 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:05:24.0517 1188  IAStorDataMgrSvc - ok
16:05:24.0548 1188  [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:05:24.0580 1188  iaStorV - ok
16:05:24.0642 1188  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:05:24.0673 1188  idsvc - ok
16:05:24.0704 1188  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:05:24.0720 1188  iirsp - ok
16:05:24.0767 1188  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:05:24.0798 1188  IKEEXT - ok
16:05:24.0876 1188  [ BA9A1F572D1A91559E6E76504CFD381C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:05:24.0954 1188  IntcAzAudAddService - ok
16:05:24.0970 1188  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:05:24.0985 1188  intelide - ok
16:05:25.0001 1188  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:05:25.0016 1188  intelppm - ok
16:05:25.0032 1188  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:05:25.0063 1188  IPBusEnum - ok
16:05:25.0079 1188  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:05:25.0126 1188  IpFilterDriver - ok
16:05:25.0141 1188  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:05:25.0188 1188  iphlpsvc - ok
16:05:25.0204 1188  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:05:25.0219 1188  IPMIDRV - ok
16:05:25.0235 1188  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:05:25.0266 1188  IPNAT - ok
16:05:25.0266 1188  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:05:25.0297 1188  IRENUM - ok
16:05:25.0313 1188  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:05:25.0328 1188  isapnp - ok
16:05:25.0344 1188  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:05:25.0360 1188  iScsiPrt - ok
16:05:25.0391 1188  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:05:25.0406 1188  kbdclass - ok
16:05:25.0453 1188  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:05:25.0469 1188  kbdhid - ok
16:05:25.0484 1188  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:05:25.0500 1188  KeyIso - ok
16:05:25.0531 1188  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:05:25.0547 1188  KSecDD - ok
16:05:25.0547 1188  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:05:25.0562 1188  KSecPkg - ok
16:05:25.0594 1188  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:05:25.0625 1188  KtmRm - ok
16:05:25.0640 1188  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:05:25.0672 1188  LanmanServer - ok
16:05:25.0687 1188  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:05:25.0718 1188  LanmanWorkstation - ok
16:05:25.0750 1188  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:05:25.0781 1188  lltdio - ok
16:05:25.0796 1188  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:05:25.0828 1188  lltdsvc - ok
16:05:25.0843 1188  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:05:25.0874 1188  lmhosts - ok
16:05:25.0890 1188  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:05:25.0906 1188  LSI_FC - ok
16:05:25.0921 1188  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:05:25.0921 1188  LSI_SAS - ok
16:05:25.0952 1188  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:05:25.0968 1188  LSI_SAS2 - ok
16:05:25.0984 1188  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:05:25.0999 1188  LSI_SCSI - ok
16:05:26.0015 1188  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:05:26.0046 1188  luafv - ok
16:05:26.0077 1188  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:05:26.0093 1188  Mcx2Svc - ok
16:05:26.0108 1188  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:05:26.0124 1188  megasas - ok
16:05:26.0140 1188  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:05:26.0155 1188  MegaSR - ok
16:05:26.0171 1188  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:05:26.0218 1188  MMCSS - ok
16:05:26.0233 1188  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:05:26.0264 1188  Modem - ok
16:05:26.0296 1188  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:05:26.0311 1188  monitor - ok
16:05:26.0342 1188  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:05:26.0358 1188  mouclass - ok
16:05:26.0374 1188  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:05:26.0389 1188  mouhid - ok
16:05:26.0436 1188  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:05:26.0452 1188  mountmgr - ok
16:05:26.0514 1188  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:05:26.0530 1188  MozillaMaintenance - ok
16:05:26.0561 1188  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
16:05:26.0576 1188  MpFilter - ok
16:05:26.0592 1188  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:05:26.0608 1188  mpio - ok
16:05:26.0732 1188  [ A69630D039C38018689190234F866D77 ] MpKsl9113f8e8   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE5E4C56-E308-4425-AF88-B418B7D87C3A}\MpKsl9113f8e8.sys
16:05:26.0748 1188  MpKsl9113f8e8 - ok
16:05:26.0748 1188  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:05:26.0795 1188  mpsdrv - ok
16:05:26.0842 1188  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:05:26.0904 1188  MpsSvc - ok
16:05:26.0935 1188  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:05:26.0951 1188  MRxDAV - ok
16:05:26.0982 1188  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:05:27.0029 1188  mrxsmb - ok
16:05:27.0044 1188  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:05:27.0076 1188  mrxsmb10 - ok
16:05:27.0107 1188  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:05:27.0138 1188  mrxsmb20 - ok
16:05:27.0154 1188  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:05:27.0169 1188  msahci - ok
16:05:27.0185 1188  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:05:27.0200 1188  msdsm - ok
16:05:27.0216 1188  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:05:27.0247 1188  MSDTC - ok
16:05:27.0263 1188  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:05:27.0294 1188  Msfs - ok
16:05:27.0294 1188  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:05:27.0325 1188  mshidkmdf - ok
16:05:27.0341 1188  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:05:27.0356 1188  msisadrv - ok
16:05:27.0388 1188  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:05:27.0419 1188  MSiSCSI - ok
16:05:27.0434 1188  msiserver - ok
16:05:27.0434 1188  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:05:27.0466 1188  MSKSSRV - ok
16:05:27.0481 1188  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:05:27.0497 1188  MsMpSvc - ok
16:05:27.0512 1188  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:05:27.0528 1188  MSPCLOCK - ok
16:05:27.0544 1188  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:05:27.0575 1188  MSPQM - ok
16:05:27.0575 1188  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:05:27.0590 1188  MsRPC - ok
16:05:27.0622 1188  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:05:27.0622 1188  mssmbios - ok
16:05:27.0637 1188  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:05:27.0668 1188  MSTEE - ok
16:05:27.0668 1188  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:05:27.0684 1188  MTConfig - ok
16:05:27.0700 1188  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:05:27.0715 1188  Mup - ok
16:05:27.0746 1188  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:05:27.0778 1188  napagent - ok
16:05:27.0809 1188  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:05:27.0840 1188  NativeWifiP - ok
16:05:27.0887 1188  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:05:27.0918 1188  NDIS - ok
16:05:27.0934 1188  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:05:27.0965 1188  NdisCap - ok
16:05:27.0980 1188  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:05:28.0012 1188  NdisTapi - ok
16:05:28.0058 1188  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:05:28.0074 1188  Ndisuio - ok
16:05:28.0121 1188  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:05:28.0152 1188  NdisWan - ok
16:05:28.0199 1188  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:05:28.0214 1188  NDProxy - ok
16:05:28.0230 1188  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:05:28.0261 1188  NetBIOS - ok
16:05:28.0292 1188  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:05:28.0324 1188  NetBT - ok
16:05:28.0339 1188  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:05:28.0355 1188  Netlogon - ok
16:05:28.0402 1188  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:05:28.0433 1188  Netman - ok
16:05:28.0448 1188  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:05:28.0480 1188  netprofm - ok
16:05:28.0526 1188  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:05:28.0542 1188  NetTcpPortSharing - ok
16:05:28.0558 1188  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:05:28.0573 1188  nfrd960 - ok
16:05:28.0604 1188  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:05:28.0620 1188  NisDrv - ok
16:05:28.0651 1188  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
16:05:28.0667 1188  NisSrv - ok
16:05:28.0698 1188  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:05:28.0714 1188  NlaSvc - ok
16:05:28.0729 1188  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:05:28.0760 1188  Npfs - ok
16:05:28.0776 1188  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:05:28.0807 1188  nsi - ok
16:05:28.0807 1188  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:05:28.0838 1188  nsiproxy - ok
16:05:28.0870 1188  [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:05:28.0901 1188  Ntfs - ok
16:05:28.0932 1188  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:05:28.0963 1188  Null - ok
16:05:29.0026 1188  [ EFF6795CDACB959D1AB89EB9B9C29B57 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
16:05:29.0041 1188  NVHDA - ok
16:05:29.0244 1188  [ 50C1B2DD2A5B3ED82C6E4683C4AD58B8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:05:29.0494 1188  nvlddmkm - ok
16:05:29.0540 1188  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:05:29.0556 1188  nvraid - ok
16:05:29.0556 1188  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:05:29.0572 1188  nvstor - ok
16:05:29.0603 1188  [ D9051D79D19C63B67CA12BD1C3B6FFB3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:05:29.0618 1188  nvsvc - ok
16:05:29.0634 1188  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:05:29.0650 1188  nv_agp - ok
16:05:29.0681 1188  [ F1A718C6C6CD3EDF157FA3D459ADFEF7 ] NW1950          C:\Windows\system32\DRIVERS\NW1950.sys
16:05:29.0696 1188  NW1950 - ok
16:05:29.0743 1188  [ 953E08D5CA0B02697A8145AAA0CA28BE ] NxpCap          C:\Windows\system32\DRIVERS\NxpCap.sys
16:05:29.0806 1188  NxpCap - ok
16:05:29.0884 1188  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:05:29.0899 1188  odserv - ok
16:05:29.0915 1188  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:05:29.0946 1188  ohci1394 - ok
16:05:29.0962 1188  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:05:29.0977 1188  ose - ok
16:05:30.0008 1188  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:05:30.0055 1188  p2pimsvc - ok
16:05:30.0086 1188  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:05:30.0118 1188  p2psvc - ok
16:05:30.0149 1188  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:05:30.0164 1188  Parport - ok
16:05:30.0180 1188  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:05:30.0196 1188  partmgr - ok
16:05:30.0211 1188  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:05:30.0227 1188  Parvdm - ok
16:05:30.0258 1188  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:05:30.0274 1188  PcaSvc - ok
16:05:30.0289 1188  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:05:30.0305 1188  pci - ok
16:05:30.0336 1188  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:05:30.0336 1188  pciide - ok
16:05:30.0352 1188  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:05:30.0367 1188  pcmcia - ok
16:05:30.0398 1188  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:05:30.0414 1188  pcw - ok
16:05:30.0445 1188  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:05:30.0523 1188  PEAUTH - ok
16:05:30.0586 1188  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:05:30.0648 1188  pla - ok
16:05:30.0695 1188  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:05:30.0726 1188  PlugPlay - ok
16:05:30.0742 1188  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:05:30.0773 1188  PNRPAutoReg - ok
16:05:30.0773 1188  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:05:30.0788 1188  PNRPsvc - ok
16:05:30.0820 1188  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:05:30.0851 1188  PolicyAgent - ok
16:05:30.0898 1188  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:05:30.0929 1188  Power - ok
16:05:30.0960 1188  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:05:30.0991 1188  PptpMiniport - ok
16:05:31.0022 1188  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:05:31.0038 1188  Processor - ok
16:05:31.0069 1188  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:05:31.0132 1188  ProfSvc - ok
16:05:31.0147 1188  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:05:31.0163 1188  ProtectedStorage - ok
16:05:31.0163 1188  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:05:31.0194 1188  Psched - ok
16:05:31.0241 1188  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:05:31.0256 1188  PSI_SVC_2 - ok
16:05:31.0288 1188  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:05:31.0319 1188  ql2300 - ok
16:05:31.0334 1188  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:05:31.0350 1188  ql40xx - ok
16:05:31.0366 1188  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:05:31.0381 1188  QWAVE - ok
16:05:31.0412 1188  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:05:31.0428 1188  QWAVEdrv - ok
16:05:31.0428 1188  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:05:31.0475 1188  RasAcd - ok
16:05:31.0475 1188  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:05:31.0506 1188  RasAgileVpn - ok
16:05:31.0537 1188  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:05:31.0568 1188  RasAuto - ok
16:05:31.0584 1188  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:05:31.0631 1188  Rasl2tp - ok
16:05:31.0678 1188  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:05:31.0709 1188  RasMan - ok
16:05:31.0724 1188  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:05:31.0771 1188  RasPppoe - ok
16:05:31.0771 1188  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:05:31.0802 1188  RasSstp - ok
16:05:31.0818 1188  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:05:31.0849 1188  rdbss - ok
16:05:31.0880 1188  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:05:31.0896 1188  rdpbus - ok
16:05:31.0927 1188  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:05:31.0943 1188  RDPCDD - ok
16:05:31.0990 1188  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:05:32.0021 1188  RDPENCDD - ok
16:05:32.0036 1188  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:05:32.0068 1188  RDPREFMP - ok
16:05:32.0083 1188  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:05:32.0146 1188  RDPWD - ok
16:05:32.0177 1188  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:05:32.0192 1188  rdyboost - ok
16:05:32.0224 1188  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:05:32.0255 1188  RemoteAccess - ok
16:05:32.0286 1188  [ 3B2CFF6F5DF5E087745014B47CAAB81A ] RemoteKeySrv    C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
16:05:32.0302 1188  RemoteKeySrv ( UnsignedFile.Multi.Generic ) - warning
16:05:32.0302 1188  RemoteKeySrv - detected UnsignedFile.Multi.Generic (1)
16:05:32.0317 1188  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:05:32.0348 1188  RemoteRegistry - ok
16:05:32.0364 1188  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:05:32.0395 1188  RFCOMM - ok
16:05:32.0473 1188  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
16:05:32.0504 1188  RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:05:32.0504 1188  RichVideo - detected UnsignedFile.Multi.Generic (1)
16:05:32.0520 1188  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:05:32.0551 1188  RpcEptMapper - ok
16:05:32.0567 1188  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:05:32.0598 1188  RpcLocator - ok
16:05:32.0614 1188  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:05:32.0645 1188  RpcSs - ok
16:05:32.0645 1188  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:05:32.0676 1188  rspndr - ok
16:05:32.0723 1188  [ B87F999E05DD9C0312C83A8752E8E66B ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
16:05:32.0738 1188  RSUSBSTOR - ok
16:05:32.0770 1188  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:05:32.0848 1188  RTL8167 - ok
16:05:32.0894 1188  [ 2A529A3DF6458C93663BAD515BA8680C ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
16:05:32.0910 1188  rtl8192se - ok
16:05:32.0941 1188  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:05:32.0957 1188  SamSs - ok
16:05:32.0988 1188  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:05:33.0019 1188  sbp2port - ok
16:05:33.0035 1188  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:05:33.0066 1188  SCardSvr - ok
16:05:33.0066 1188  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:05:33.0097 1188  scfilter - ok
16:05:33.0144 1188  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:05:33.0191 1188  Schedule - ok
16:05:33.0206 1188  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:05:33.0238 1188  SCPolicySvc - ok
16:05:33.0269 1188  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:05:33.0300 1188  SDRSVC - ok
16:05:33.0331 1188  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
16:05:33.0347 1188  SeaPort - ok
16:05:33.0378 1188  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:05:33.0409 1188  secdrv - ok
16:05:33.0425 1188  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:05:33.0456 1188  seclogon - ok
16:05:33.0487 1188  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:05:33.0534 1188  SENS - ok
16:05:33.0550 1188  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:05:33.0581 1188  SensrSvc - ok
16:05:33.0596 1188  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:05:33.0628 1188  Serenum - ok
16:05:33.0659 1188  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:05:33.0690 1188  Serial - ok
16:05:33.0706 1188  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:05:33.0737 1188  sermouse - ok
16:05:33.0768 1188  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:05:33.0830 1188  SessionEnv - ok
16:05:33.0830 1188  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:05:33.0862 1188  sffdisk - ok
16:05:33.0877 1188  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:05:33.0893 1188  sffp_mmc - ok
16:05:33.0908 1188  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:05:33.0924 1188  sffp_sd - ok
16:05:33.0940 1188  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:05:33.0940 1188  sfloppy - ok
16:05:33.0986 1188  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:05:34.0033 1188  SharedAccess - ok
16:05:34.0064 1188  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:05:34.0111 1188  ShellHWDetection - ok
16:05:34.0127 1188  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:05:34.0142 1188  sisagp - ok
16:05:34.0158 1188  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:05:34.0174 1188  SiSRaid2 - ok
16:05:34.0189 1188  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:05:34.0205 1188  SiSRaid4 - ok
16:05:34.0220 1188  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:05:34.0252 1188  Smb - ok
16:05:34.0283 1188  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:05:34.0298 1188  SNMPTRAP - ok
16:05:34.0298 1188  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:05:34.0314 1188  spldr - ok
16:05:34.0361 1188  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
16:05:34.0423 1188  Spooler - ok
16:05:34.0501 1188  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:05:34.0595 1188  sppsvc - ok
16:05:34.0642 1188  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:05:34.0673 1188  sppuinotify - ok
16:05:34.0704 1188  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:05:34.0735 1188  srv - ok
16:05:34.0751 1188  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:05:34.0798 1188  srv2 - ok
16:05:34.0813 1188  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:05:34.0829 1188  srvnet - ok
16:05:34.0844 1188  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:05:34.0876 1188  SSDPSRV - ok
16:05:34.0876 1188  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:05:34.0907 1188  SstpSvc - ok
16:05:34.0938 1188  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:05:34.0954 1188  stexstor - ok
16:05:34.0985 1188  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:05:35.0016 1188  StiSvc - ok
16:05:35.0032 1188  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:05:35.0047 1188  swenum - ok
16:05:35.0063 1188  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:05:35.0094 1188  swprv - ok
16:05:35.0141 1188  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:05:35.0172 1188  SysMain - ok
16:05:35.0203 1188  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:05:35.0219 1188  TabletInputService - ok
16:05:35.0250 1188  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:05:35.0297 1188  TapiSrv - ok
16:05:35.0312 1188  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:05:35.0344 1188  TBS - ok
16:05:35.0406 1188  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:05:35.0468 1188  Tcpip - ok
16:05:35.0500 1188  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:05:35.0531 1188  TCPIP6 - ok
16:05:35.0546 1188  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:05:35.0609 1188  tcpipreg - ok
16:05:35.0640 1188  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:05:35.0687 1188  TDPIPE - ok
16:05:35.0687 1188  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:05:35.0702 1188  TDTCP - ok
16:05:35.0749 1188  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:05:35.0780 1188  tdx - ok
16:05:35.0796 1188  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:05:35.0812 1188  TermDD - ok
16:05:35.0858 1188  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:05:35.0905 1188  TermService - ok
16:05:35.0921 1188  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:05:35.0952 1188  Themes - ok
16:05:35.0968 1188  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:05:35.0999 1188  THREADORDER - ok
16:05:36.0014 1188  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:05:36.0046 1188  TrkWks - ok
16:05:36.0092 1188  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:05:36.0139 1188  TrustedInstaller - ok
16:05:36.0186 1188  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:05:36.0217 1188  tssecsrv - ok
16:05:36.0248 1188  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:05:36.0264 1188  TsUsbFlt - ok
16:05:36.0326 1188  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:05:36.0389 1188  tunnel - ok
16:05:36.0404 1188  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:05:36.0420 1188  uagp35 - ok
16:05:36.0436 1188  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:05:36.0467 1188  udfs - ok
16:05:36.0482 1188  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:05:36.0498 1188  UI0Detect - ok
16:05:36.0529 1188  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:05:36.0545 1188  uliagpkx - ok
16:05:36.0592 1188  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:05:36.0607 1188  umbus - ok
16:05:36.0638 1188  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:05:36.0654 1188  UmPass - ok
16:05:36.0685 1188  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:05:36.0716 1188  upnphost - ok
16:05:36.0732 1188  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:05:36.0748 1188  usbccgp - ok
16:05:36.0763 1188  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:05:36.0779 1188  usbcir - ok
16:05:36.0810 1188  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:05:36.0826 1188  usbehci - ok
16:05:36.0841 1188  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
16:05:36.0857 1188  usbhub - ok
16:05:36.0872 1188  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:05:36.0888 1188  usbohci - ok
16:05:36.0904 1188  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:05:36.0919 1188  usbprint - ok
16:05:36.0935 1188  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:05:36.0966 1188  USBSTOR - ok
16:05:36.0982 1188  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:05:36.0997 1188  usbuhci - ok
16:05:37.0013 1188  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:05:37.0028 1188  usbvideo - ok
16:05:37.0044 1188  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:05:37.0075 1188  UxSms - ok
16:05:37.0091 1188  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:05:37.0106 1188  VaultSvc - ok
16:05:37.0106 1188  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:05:37.0122 1188  vdrvroot - ok
16:05:37.0153 1188  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:05:37.0200 1188  vds - ok
16:05:37.0216 1188  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:05:37.0247 1188  vga - ok
16:05:37.0247 1188  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:05:37.0278 1188  VgaSave - ok
16:05:37.0294 1188  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:05:37.0309 1188  vhdmp - ok
16:05:37.0309 1188  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:05:37.0325 1188  viaagp - ok
16:05:37.0340 1188  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:05:37.0372 1188  ViaC7 - ok
16:05:37.0387 1188  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:05:37.0403 1188  viaide - ok
16:05:37.0418 1188  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:05:37.0434 1188  volmgr - ok
16:05:37.0450 1188  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:05:37.0465 1188  volmgrx - ok
16:05:37.0481 1188  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:05:37.0496 1188  volsnap - ok
16:05:37.0543 1188  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:05:37.0559 1188  vsmraid - ok
16:05:37.0606 1188  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:05:37.0652 1188  VSS - ok
16:05:37.0668 1188  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:05:37.0684 1188  vwifibus - ok
16:05:37.0684 1188  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:05:37.0699 1188  vwififlt - ok
16:05:37.0746 1188  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:05:37.0777 1188  W32Time - ok
16:05:37.0793 1188  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:05:37.0808 1188  WacomPen - ok
16:05:37.0871 1188  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:05:37.0902 1188  WANARP - ok
16:05:37.0918 1188  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:05:37.0933 1188  Wanarpv6 - ok
16:05:37.0980 1188  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:05:38.0027 1188  wbengine - ok
16:05:38.0042 1188  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:05:38.0058 1188  WbioSrvc - ok
16:05:38.0105 1188  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:05:38.0136 1188  wcncsvc - ok
16:05:38.0152 1188  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:05:38.0183 1188  WcsPlugInService - ok
16:05:38.0214 1188  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:05:38.0230 1188  Wd - ok
16:05:38.0245 1188  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:05:38.0261 1188  Wdf01000 - ok
16:05:38.0276 1188  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:05:38.0323 1188  WdiServiceHost - ok
16:05:38.0323 1188  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:05:38.0339 1188  WdiSystemHost - ok
16:05:38.0386 1188  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:05:38.0417 1188  WebClient - ok
16:05:38.0432 1188  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:05:38.0464 1188  Wecsvc - ok
16:05:38.0479 1188  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:05:38.0510 1188  wercplsupport - ok
16:05:38.0526 1188  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:05:38.0557 1188  WerSvc - ok
16:05:38.0588 1188  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:05:38.0635 1188  WfpLwf - ok
16:05:38.0651 1188  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:05:38.0666 1188  WIMMount - ok
16:05:38.0713 1188  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:05:38.0729 1188  WinDefend - ok
16:05:38.0744 1188  WinHttpAutoProxySvc - ok
16:05:38.0776 1188  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:05:38.0822 1188  Winmgmt - ok
16:05:38.0885 1188  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:05:38.0916 1188  WinRM - ok
16:05:38.0963 1188  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:05:38.0994 1188  Wlansvc - ok
16:05:39.0010 1188  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:05:39.0025 1188  WmiAcpi - ok
16:05:39.0056 1188  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:05:39.0072 1188  wmiApSrv - ok
16:05:39.0134 1188  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:05:39.0197 1188  WMPNetworkSvc - ok
16:05:39.0228 1188  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:05:39.0244 1188  WPCSvc - ok
16:05:39.0275 1188  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:05:39.0306 1188  WPDBusEnum - ok
16:05:39.0322 1188  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:05:39.0337 1188  ws2ifsl - ok
16:05:39.0368 1188  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:05:39.0384 1188  wscsvc - ok
16:05:39.0400 1188  WSearch - ok
16:05:39.0446 1188  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:05:39.0509 1188  wuauserv - ok
16:05:39.0524 1188  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:05:39.0556 1188  WudfPf - ok
16:05:39.0602 1188  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:05:39.0634 1188  WUDFRd - ok
16:05:39.0665 1188  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:05:39.0712 1188  wudfsvc - ok
16:05:39.0727 1188  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:05:39.0743 1188  WwanSvc - ok
16:05:39.0790 1188  [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid          C:\Windows\System32\Drivers\x10hid.sys
16:05:39.0790 1188  X10Hid - ok
16:05:39.0836 1188  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:05:39.0852 1188  x10nets ( UnsignedFile.Multi.Generic ) - warning
16:05:39.0852 1188  x10nets - detected UnsignedFile.Multi.Generic (1)
16:05:39.0868 1188  [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF            C:\Windows\System32\Drivers\x10ufx2.sys
16:05:39.0868 1188  XUIF - ok
16:05:39.0914 1188  ================ Scan global ===============================
16:05:39.0961 1188  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:05:39.0977 1188  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:05:39.0992 1188  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:05:40.0024 1188  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:05:40.0055 1188  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:05:40.0055 1188  [Global] - ok
16:05:40.0055 1188  ================ Scan MBR ==================================
16:05:40.0070 1188  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
16:05:43.0003 1188  \Device\Harddisk0\DR0 - ok
16:05:43.0003 1188  [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
16:05:49.0805 1188  \Device\Harddisk1\DR1 - ok
16:05:49.0805 1188  ================ Scan VBR ==================================
16:05:49.0836 1188  [ 08363D8100DE257D3E5DE7A79C42EE97 ] \Device\Harddisk0\DR0\Partition1
16:05:49.0836 1188  \Device\Harddisk0\DR0\Partition1 - ok
16:05:49.0852 1188  [ 13A565A01ED32E56C7B3E0A2B719CE6B ] \Device\Harddisk0\DR0\Partition2
16:05:49.0852 1188  \Device\Harddisk0\DR0\Partition2 - ok
16:05:49.0883 1188  [ C3F1D970FBD9236E264F06842EBC10B1 ] \Device\Harddisk0\DR0\Partition3
16:05:49.0883 1188  \Device\Harddisk0\DR0\Partition3 - ok
16:05:49.0883 1188  [ 8C77F6FF44364696358EBE6888E85D41 ] \Device\Harddisk1\DR1\Partition1
16:05:49.0898 1188  \Device\Harddisk1\DR1\Partition1 - ok
16:05:49.0898 1188  ============================================================
16:05:49.0898 1188  Scan finished
16:05:49.0898 1188  ============================================================
16:05:49.0914 2360  Detected object count: 4
16:05:49.0914 2360  Actual detected object count: 4
16:07:25.0231 2360  genport ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:25.0231 2360  genport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:07:25.0231 2360  RemoteKeySrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:25.0231 2360  RemoteKeySrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:07:25.0231 2360  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:25.0231 2360  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:07:25.0247 2360  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:25.0247 2360  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
With the current recovery, Malwarebytes has stayed quiet so far; I only just installed it.
Before that I had tried to help myself with the Avira Rescue CD, but I couldn't get along with it at all. The mistake here seems to have been that I downloaded it via Softonic.

My conclusions so far:
  • don't let the Google captcha drive you crazy
  • also check warnings from fancy things like Malwarebytes critically
  • hands off Softonic (I didn't know it before either) and stick to the well-known sources
  • Why my router threw out its filters and would only accept Eniwetok, Kwajalein as the time zone remains a mystery to me. Something like that should probably only be tackled well rested and systematically when you are blessed with nothing but self-taught half-knowledge.
Syslog is running, MalwareBytes is running, the next outcry should come in better qualified.


Alt 06.03.2013, 00:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Quote:
that I downloaded it via Softonic.
That's your own fault, of course....

Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor or from Filepony, but not from toolbar outfits like Softonic!