| |
| |||||||
Log-Analyse und Auswertung: Verdacht auf Tojaner - ZeuS + ZBot + IncredibarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.04.2013, 02:18
| #1 |
 |  Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Werte Profis vom Trojaner-Board. Zuerst einmal zu meiner Person: Michael, 46J. Der Rechner um den es geht wird hauptsächlich von meinem Sohn (Schule, Lego-Mindstorms, Schach, ab und an spielen), von meiner Frau (Surfen, Online-Shopping und erstellen von CEWE-Fotobüchern) und sporadisch auch von mir (surfen) genutzt. Neulich kam es whärend der Übertragung eines CEWE-Fotobuchs zu einem Absturz des Rechners. Nach einer Wiederherstellung eines älteren Standes war der Rechner wieder funktionstüchtig, es waren jedoch einige Ordner bzw. einzelne Dateien als versteckt markiert (es war kein System erkennbar). Kurze Zeit später habe auf dem Laptop den Incredibar-Trojaner gefunden. Als erstes habe ich ihn über die Systemsteuerung deinstalliert. Habe jedoch gelesen, dass damit leider nicht alles getan ist. Nun habe ich noch eine Mail vom „TELEKOM-Abuse-Team“ bezüglich eines Trojaners "ZeuS/ZBot" (Online-Banking-Trojaner) bekommen. Dabei war ein link zu www.botfrei.de. Daher habe ich einmal angefangen Sunny`s Liste (Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?) abzuarbeiten. Denke nun ist es an der Zeit den ganzen Rechner mal auf den Prüfstand zu legen…… Leider war mein Text etwas zu lang, daher habe ich "Extras.txt" und "Gmer.txt" gezippt. Hoffe ihr könnt mir helfen. Bereits vorab vielen Dank! Michael Hier OTL.Txt: OTL logfile created on: 06.04.2013 01:07:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,29% Memory free 7,82 Gb Paging File | 5,26 Gb Available in Paging File | 67,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 404,66 Gb Total Space | 314,76 Gb Free Space | 77,78% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 30,01 Gb Free Space | 50,01% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL (2).exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P221RZ58\Defogger.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\PHotkey\POSD.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P221RZ58\Defogger.exe () MOD - C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll () MOD - C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Services (SafeList) ========== SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe () SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe () SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation) DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {512B7171-D866-40A0-AB9A-85792DB46733} IE - HKCU\..\SearchScopes\{512B7171-D866-40A0-AB9A-85792DB46733}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyGEM2hDK&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Anwendungen\Tools\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2012.07.01 23:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Anwendungen\Arbeit\Office_2007\Office12\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Anwendungen\Arbeit\Office_2007\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Anwendungen\Arbeit\Office_2007\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A44F70F-91A9-4ED3-A205-E742C1166F1C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4ECBD93-2721-4AC3-95B0-64293A4227C1}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 01:11:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.06 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6094306D-A79B-48D5-B951-3D8DBD834135} [2013.04.03 22:58:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{27581484-ACC4-4052-BF15-C471E0CB8669} [2013.04.02 21:37:58 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 21:37:58 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 21:37:58 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.04.02 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{886DEA3B-74E2-43D6-8F89-52A4236BD831} [2013.04.02 20:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7A339863-DE41-4947-9C64-0CA5FBC087C7} [2013.04.01 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{063AFCE1-8E62-44AE-8295-38FEA7DBE635} [2013.03.29 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{331BFC02-BEF6-40C2-9701-8557D768C43D} [2013.03.26 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Veuva [2013.03.26 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ulvus [2013.03.26 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tuyr [2013.03.25 23:09:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6D4A2C70-EC02-4153-BB81-39B627FB4CE6} [2013.03.23 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{203100CB-512A-4E6A-89E3-70D4B7517F29} [2013.03.22 20:16:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3024DA7D-C719-4142-8BB0-404B2BF119FE} [2013.03.19 22:15:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F9099AF7-1289-474D-92A3-61577A40DB38} [2013.03.18 23:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Paint.NET [2013.03.17 17:30:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{92C6D5BE-B2F6-4667-8205-E15CCB739473} [2013.03.16 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9874D570-CC26-4309-A7DF-0D340B1193F2} [2013.03.13 17:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 17:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A9BE8B3-FE32-48A2-90BC-3FEDF29579C2} [2013.03.11 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{65C9A795-7848-4947-821D-D14DEBDE50B8} [2013.03.09 23:35:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1EB5C19E-C5E8-4979-A175-8A69063BF455} [2013.03.08 12:29:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E8D42D29-5976-4178-8BF9-0FCCEE118644} ========== Files - Modified Within 30 Days ========== [2013.04.06 01:10:12 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.06 01:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.06 00:40:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 00:40:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 00:37:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 00:37:59 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 00:37:59 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 00:37:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 00:37:59 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 00:33:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 00:32:59 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.04.06 00:32:53 | 3151,273,984 | -HS- | M] () -- C:\hiberfil.sys [2013.04.05 21:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.05 21:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.02 21:37:39 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 21:37:39 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 21:37:39 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.23 00:10:18 | 000,012,800 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2013.04.06 01:11:14 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.03.18 23:51:09 | 000,001,275 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.03.07 01:00:33 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.02.06 23:36:25 | 000,000,160 | ---- | C] () -- C:\ProgramData\-yasjtXfCHSr [2013.02.06 23:36:25 | 000,000,152 | ---- | C] () -- C:\ProgramData\-yasjtXfCHS [2013.02.06 23:36:21 | 000,000,168 | ---- | C] () -- C:\ProgramData\yasjtXfCHS [2012.10.25 20:51:08 | 000,012,800 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.13 22:51:48 | 000,000,017 | -H-- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.09.13 21:43:29 | 000,000,728 | -H-- | C] () -- C:\Users\***\AppData\Roaming\DriveCalculator Preferences [2012.08.25 16:42:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.25 16:42:34 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.08.14 21:36:16 | 000,001,582 | ---- | C] () -- C:\Users\***\Slender.lnk [2012.07.12 13:06:48 | 000,001,750 | ---- | C] () -- C:\Users\***\Browserwahl.lnk [2012.02.18 21:24:00 | 000,094,208 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat [2012.02.18 01:31:20 | 000,000,173 | -H-- | C] () -- C:\Users\***\AppData\Local\msmathematics.qat.*** [2012.02.17 16:53:42 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2011.11.15 13:38:00 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe [2011.11.10 19:48:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.11.10 01:32:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.10 01:32:57 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.10 01:32:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.10 01:32:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.10 01:32:54 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.20 19:19:39 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2012.03.20 19:18:33 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ALDI_SUED_Mah_Jong [2012.02.19 13:45:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2013.02.07 00:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChessBase [2012.03.22 23:41:26 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.03.22 23:41:17 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2013.02.07 00:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.03.20 22:25:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\iScreensaver [2013.03.10 15:36:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.07.01 23:49:25 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.09.17 22:40:38 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Phase6 [2013.03.26 00:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tuyr [2013.04.05 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulvus [2013.04.04 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Veuva [2012.02.17 12:41:49 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Virtual Desktop Manager [2013.04.05 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Voges [2013.02.07 00:36:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebApp [2012.02.26 01:41:40 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.02.17 12:14:31 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\YoudaGames ========== Purity Check ========== < End of report > |
|
06.04.2013, 09:27
| #2 |
| /// TB-Ausbilder  | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Na dann schauen wir doch mal.
__________________!! Hinweis an Mitlesende !! Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht. Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.  Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:  Bitte lesen:Regeln für die Bereinigung
Lesestoff:Banking-Trojaner Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit aswMBR
Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.
Schritt 4: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
|
06.04.2013, 15:50
| #3 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Ryder,
__________________bereits vorab schon einmal vielen Dank für deine Unterstützung!  Werde mich tunlichst an alle deine Anweisungen halten. Zu unserem online-banking-Verhalten: Wird sporadisch mit dem Telefon-TAN-Verfahren praktiziert. In online-Shops eingekauft wird meist mit paypal. So, nun geht’s los: Schritt 1: Laufwerksemulationen abschalten mit Defogger Eine Datei “defogger_disable.txt” lag nich auf dem Desktop. Es war jedoch eine „defogger_disable.log“ da. Hier der Inhalt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:35 on 06/04/2013 (Thorben)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Schritt 2: Scan mit aswMBR Der scan wurde nach ca. 4 Minuten abgebrochen (WLAN war aus und Virenscanner war deaktiviert). Folgende Fehlermeldung ploppte auf: avast! Antirootkit funktioniert nicht mehr Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist. Der scan wurde mit der Einstellung „AV scan: (none)“ erneut gestartet und lief sauber durch. Hier das log-file: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-06 16:03:33
-----------------------------
16:03:33.601 OS Version: Windows x64 6.1.7601 Service Pack 1
16:03:33.601 Number of processors: 4 586 0x2A07
16:03:33.601 ComputerName: THORBEN-PC UserName: Thorben
16:03:35.208 Initialize success
16:03:50.262 AVAST engine defs: 13040600
16:03:59.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:03:59.544 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
16:03:59.700 Disk 0 MBR read successfully
16:03:59.700 Disk 0 MBR scan
16:03:59.732 Disk 0 unknown MBR code
16:03:59.747 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:03:59.763 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 414372 MB offset 206848
16:03:59.794 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61440 MB offset 848840704
16:03:59.856 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 974669824
16:03:59.950 Disk 0 scanning C:\Windows\system32\drivers
16:04:15.051 Service scanning
16:04:42.850 Modules scanning
16:04:42.866 Disk 0 trace - called modules:
16:04:42.912 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:04:42.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ff7060]
16:04:42.928 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8003cf8040]
16:04:42.944 5 ACPI.sys[fffff88000d4d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d9e050]
16:04:42.959 Scan finished successfully
16:05:25.672 Disk 0 MBR has been saved successfully to "C:\Thorben - Maja - Michaela - Michael\Michael\Virenmail\2013-04-07_1.ter step\MBR.dat"
16:05:25.688 The log file has been saved successfully to "C:\Thorben - Maja - Michaela - Michael\Michael\Virenmail\2013-04-07_1.ter step\aswMBR.txt"
Schritt 3: Scan mit dem TDSS-Killer Es wurde nichts gefunden, hier der Report: Code:
ATTFilter 16:12:35.0778 3720 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:12:36.0215 3720 ============================================================
16:12:36.0215 3720 Current date / time: 2013/04/06 16:12:36.0215
16:12:36.0215 3720 SystemInfo:
16:12:36.0215 3720
16:12:36.0215 3720 OS Version: 6.1.7601 ServicePack: 1.0
16:12:36.0215 3720 Product type: Workstation
16:12:36.0215 3720 ComputerName: THORBEN-PC
16:12:36.0215 3720 UserName: Thorben
16:12:36.0215 3720 Windows directory: C:\Windows
16:12:36.0215 3720 System windows directory: C:\Windows
16:12:36.0215 3720 Running under WOW64
16:12:36.0215 3720 Processor architecture: Intel x64
16:12:36.0215 3720 Number of processors: 4
16:12:36.0215 3720 Page size: 0x1000
16:12:36.0215 3720 Boot type: Normal boot
16:12:36.0215 3720 ============================================================
16:12:37.0213 3720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:12:37.0213 3720 ============================================================
16:12:37.0213 3720 \Device\Harddisk0\DR0:
16:12:37.0229 3720 MBR partitions:
16:12:37.0229 3720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:12:37.0229 3720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x32952000
16:12:37.0229 3720 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x32984800, BlocksNum 0x7800000
16:12:37.0229 3720 ============================================================
16:12:37.0244 3720 C: <-> \Device\Harddisk0\DR0\Partition2
16:12:37.0291 3720 D: <-> \Device\Harddisk0\DR0\Partition3
16:12:37.0291 3720 ============================================================
16:12:37.0291 3720 Initialize success
16:12:37.0291 3720 ============================================================
16:13:19.0926 4312 ============================================================
16:13:19.0926 4312 Scan started
16:13:19.0926 4312 Mode: Manual; TDLFS;
16:13:19.0926 4312 ============================================================
16:13:20.0613 4312 ================ Scan system memory ========================
16:13:20.0613 4312 System memory - ok
16:13:20.0613 4312 ================ Scan services =============================
16:13:20.0753 4312 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:13:20.0784 4312 1394ohci - ok
16:13:20.0831 4312 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:13:20.0878 4312 ACPI - ok
16:13:20.0893 4312 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:13:20.0909 4312 AcpiPmi - ok
16:13:21.0018 4312 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:13:21.0018 4312 AdobeARMservice - ok
16:13:21.0127 4312 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:13:21.0159 4312 AdobeFlashPlayerUpdateSvc - ok
16:13:21.0190 4312 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:13:21.0237 4312 adp94xx - ok
16:13:21.0283 4312 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:13:21.0299 4312 adpahci - ok
16:13:21.0330 4312 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:13:21.0346 4312 adpu320 - ok
16:13:21.0393 4312 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:13:21.0408 4312 AeLookupSvc - ok
16:13:21.0517 4312 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:13:21.0564 4312 AFD - ok
16:13:21.0595 4312 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:13:21.0595 4312 agp440 - ok
16:13:21.0627 4312 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:13:21.0642 4312 ALG - ok
16:13:21.0658 4312 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:13:21.0673 4312 aliide - ok
16:13:21.0673 4312 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:13:21.0689 4312 amdide - ok
16:13:21.0720 4312 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:13:21.0720 4312 AmdK8 - ok
16:13:21.0751 4312 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:13:21.0767 4312 AmdPPM - ok
16:13:21.0814 4312 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:13:21.0814 4312 amdsata - ok
16:13:21.0861 4312 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:13:21.0876 4312 amdsbs - ok
16:13:21.0923 4312 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:13:21.0923 4312 amdxata - ok
16:13:21.0970 4312 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
16:13:21.0985 4312 AMPPAL - ok
16:13:22.0001 4312 [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
16:13:22.0001 4312 AMPPALP - ok
16:13:22.0126 4312 [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:13:22.0204 4312 AMPPALR3 - ok
16:13:22.0235 4312 [ 08D51900C07BAE4F1FC82FC669B99B79 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
16:13:22.0251 4312 AmUStor - ok
16:13:22.0313 4312 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:13:22.0329 4312 AntiVirSchedulerService - ok
16:13:22.0344 4312 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:13:22.0360 4312 AntiVirService - ok
16:13:22.0438 4312 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:13:22.0453 4312 AppID - ok
16:13:22.0485 4312 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:13:22.0500 4312 AppIDSvc - ok
16:13:22.0516 4312 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:13:22.0531 4312 Appinfo - ok
16:13:22.0547 4312 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:13:22.0563 4312 arc - ok
16:13:22.0578 4312 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:13:22.0594 4312 arcsas - ok
16:13:22.0641 4312 [ EFD89582B55DD32DC79C1A4EB54612A1 ] ASLDRService C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
16:13:22.0656 4312 ASLDRService - ok
16:13:22.0687 4312 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:13:22.0703 4312 AsyncMac - ok
16:13:22.0719 4312 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:13:22.0734 4312 atapi - ok
16:13:22.0765 4312 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:13:22.0812 4312 AudioEndpointBuilder - ok
16:13:22.0828 4312 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:13:22.0843 4312 AudioSrv - ok
16:13:22.0890 4312 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:13:22.0906 4312 avgntflt - ok
16:13:22.0953 4312 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:13:22.0968 4312 avipbb - ok
16:13:22.0984 4312 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:13:22.0984 4312 avkmgr - ok
16:13:23.0046 4312 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:13:23.0062 4312 AxInstSV - ok
16:13:23.0140 4312 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:13:23.0187 4312 b06bdrv - ok
16:13:23.0218 4312 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:13:23.0233 4312 b57nd60a - ok
16:13:23.0265 4312 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:13:23.0280 4312 BDESVC - ok
16:13:23.0280 4312 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:13:23.0296 4312 Beep - ok
16:13:23.0327 4312 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:13:23.0374 4312 BFE - ok
16:13:23.0421 4312 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:13:23.0467 4312 BITS - ok
16:13:23.0499 4312 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:13:23.0514 4312 blbdrive - ok
16:13:23.0592 4312 [ 5FF7B9916A10E8E69E7C0D16F0B4787A ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:13:23.0592 4312 Bluetooth Device Monitor - ok
16:13:23.0655 4312 [ E43D73CAF1023976EFBA1D0F0E69E271 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:13:23.0764 4312 Bluetooth Media Service - ok
16:13:23.0811 4312 [ 20427929646784A482DF34EF8C4FED23 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:13:23.0904 4312 Bluetooth OBEX Service - ok
16:13:23.0935 4312 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:13:23.0951 4312 bowser - ok
16:13:23.0967 4312 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:13:23.0982 4312 BrFiltLo - ok
16:13:23.0998 4312 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:13:23.0998 4312 BrFiltUp - ok
16:13:24.0029 4312 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:13:24.0045 4312 Browser - ok
16:13:24.0076 4312 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:13:24.0091 4312 Brserid - ok
16:13:24.0123 4312 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:13:24.0123 4312 BrSerWdm - ok
16:13:24.0138 4312 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:13:24.0138 4312 BrUsbMdm - ok
16:13:24.0169 4312 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:13:24.0169 4312 BrUsbSer - ok
16:13:24.0216 4312 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:13:24.0216 4312 BthEnum - ok
16:13:24.0247 4312 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:13:24.0263 4312 BTHMODEM - ok
16:13:24.0294 4312 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:13:24.0310 4312 BthPan - ok
16:13:24.0341 4312 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:13:24.0388 4312 BTHPORT - ok
16:13:24.0419 4312 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:13:24.0435 4312 bthserv - ok
16:13:24.0450 4312 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:13:24.0466 4312 BTHSSecurityMgr - ok
16:13:24.0497 4312 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:13:24.0513 4312 BTHUSB - ok
16:13:24.0544 4312 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\Windows\system32\drivers\btmaud.sys
16:13:24.0544 4312 btmaudio - ok
16:13:24.0575 4312 [ 75EAB5AAF6E9F83739249CE60B4B9C39 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
16:13:24.0591 4312 btmaux - ok
16:13:24.0606 4312 [ 0B1CC2221DC5990E4557A78CE9AFAD4F ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
16:13:24.0622 4312 btmhsf - ok
16:13:24.0669 4312 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:13:24.0684 4312 cdfs - ok
16:13:24.0715 4312 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:13:24.0731 4312 cdrom - ok
16:13:24.0778 4312 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:13:24.0778 4312 CertPropSvc - ok
16:13:24.0825 4312 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:13:24.0825 4312 circlass - ok
16:13:24.0856 4312 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:13:24.0887 4312 CLFS - ok
16:13:24.0965 4312 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:24.0981 4312 clr_optimization_v2.0.50727_32 - ok
16:13:25.0027 4312 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:13:25.0043 4312 clr_optimization_v2.0.50727_64 - ok
16:13:25.0105 4312 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:25.0121 4312 clr_optimization_v4.0.30319_32 - ok
16:13:25.0152 4312 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:13:25.0168 4312 clr_optimization_v4.0.30319_64 - ok
16:13:25.0215 4312 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
16:13:25.0215 4312 clwvd - ok
16:13:25.0246 4312 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:13:25.0261 4312 CmBatt - ok
16:13:25.0293 4312 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:13:25.0293 4312 cmdide - ok
16:13:25.0339 4312 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:13:25.0371 4312 CNG - ok
16:13:25.0433 4312 [ E0B53D1FEF69106B76C06A0D783916E8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
16:13:25.0527 4312 CnxtHdAudService - ok
16:13:25.0558 4312 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:13:25.0558 4312 Compbatt - ok
16:13:25.0589 4312 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:13:25.0605 4312 CompositeBus - ok
16:13:25.0620 4312 COMSysApp - ok
16:13:25.0636 4312 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:13:25.0636 4312 crcdisk - ok
16:13:25.0683 4312 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:13:25.0698 4312 CryptSvc - ok
16:13:25.0729 4312 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
16:13:25.0745 4312 CxAudMsg - ok
16:13:25.0839 4312 [ 7F5CD87CA5BDB4D83F992D8C77201483 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
16:13:25.0854 4312 CyberLink PowerDVD 10 MS Monitor Service - ok
16:13:25.0885 4312 [ 9FAF58E876A3B1DB3030A0A5805F2D86 ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
16:13:25.0917 4312 CyberLink PowerDVD 10 MS Service - ok
16:13:25.0963 4312 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:13:25.0995 4312 DcomLaunch - ok
16:13:26.0010 4312 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:13:26.0057 4312 defragsvc - ok
16:13:26.0073 4312 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:13:26.0088 4312 DfsC - ok
16:13:26.0119 4312 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:13:26.0151 4312 Dhcp - ok
16:13:26.0166 4312 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:13:26.0182 4312 discache - ok
16:13:26.0213 4312 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:13:26.0229 4312 Disk - ok
16:13:26.0244 4312 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:13:26.0260 4312 Dnscache - ok
16:13:26.0291 4312 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:13:26.0307 4312 dot3svc - ok
16:13:26.0322 4312 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:13:26.0353 4312 DPS - ok
16:13:26.0385 4312 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:13:26.0385 4312 drmkaud - ok
16:13:26.0431 4312 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:13:26.0478 4312 DXGKrnl - ok
16:13:26.0494 4312 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:13:26.0509 4312 EapHost - ok
16:13:26.0619 4312 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:13:26.0743 4312 ebdrv - ok
16:13:26.0775 4312 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:13:26.0775 4312 EFS - ok
16:13:26.0837 4312 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:13:26.0899 4312 ehRecvr - ok
16:13:26.0915 4312 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:13:26.0931 4312 ehSched - ok
16:13:26.0977 4312 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:13:27.0009 4312 elxstor - ok
16:13:27.0040 4312 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:13:27.0040 4312 ErrDev - ok
16:13:27.0102 4312 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:13:27.0133 4312 EventSystem - ok
16:13:27.0227 4312 [ B20A788579E443F768AAB1A24F705D0A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:13:27.0321 4312 EvtEng - ok
16:13:27.0352 4312 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:13:27.0367 4312 exfat - ok
16:13:27.0383 4312 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:13:27.0399 4312 fastfat - ok
16:13:27.0445 4312 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:13:27.0477 4312 Fax - ok
16:13:27.0492 4312 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:13:27.0492 4312 fdc - ok
16:13:27.0523 4312 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:13:27.0523 4312 fdPHost - ok
16:13:27.0539 4312 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:13:27.0555 4312 FDResPub - ok
16:13:27.0570 4312 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:13:27.0586 4312 FileInfo - ok
16:13:27.0601 4312 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:13:27.0617 4312 Filetrace - ok
16:13:27.0633 4312 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:13:27.0633 4312 flpydisk - ok
16:13:27.0664 4312 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:13:27.0695 4312 FltMgr - ok
16:13:27.0757 4312 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:13:27.0820 4312 FontCache - ok
16:13:27.0851 4312 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:13:27.0867 4312 FontCache3.0.0.0 - ok
16:13:27.0882 4312 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:13:27.0882 4312 FsDepends - ok
16:13:27.0913 4312 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:13:27.0913 4312 Fs_Rec - ok
16:13:27.0945 4312 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:13:27.0976 4312 fvevol - ok
16:13:28.0007 4312 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:13:28.0023 4312 gagp30kx - ok
16:13:28.0054 4312 [ 4E1D0A246E10CFDDBF856432418DE404 ] GFNEXSrv C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
16:13:28.0069 4312 GFNEXSrv - ok
16:13:28.0116 4312 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:13:28.0179 4312 gpsvc - ok
16:13:28.0210 4312 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:28.0241 4312 gupdate - ok
16:13:28.0257 4312 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:13:28.0257 4312 gupdatem - ok
16:13:28.0288 4312 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:13:28.0319 4312 gusvc - ok
16:13:28.0350 4312 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:13:28.0350 4312 hcw85cir - ok
16:13:28.0397 4312 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:13:28.0428 4312 HdAudAddService - ok
16:13:28.0459 4312 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:13:28.0491 4312 HDAudBus - ok
16:13:28.0506 4312 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:13:28.0506 4312 HidBatt - ok
16:13:28.0537 4312 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:13:28.0537 4312 HidBth - ok
16:13:28.0553 4312 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:13:28.0569 4312 HidIr - ok
16:13:28.0600 4312 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:13:28.0600 4312 hidserv - ok
16:13:28.0631 4312 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:13:28.0647 4312 HidUsb - ok
16:13:28.0662 4312 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:13:28.0678 4312 hkmsvc - ok
16:13:28.0693 4312 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:13:28.0725 4312 HomeGroupListener - ok
16:13:28.0756 4312 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:13:28.0771 4312 HomeGroupProvider - ok
16:13:28.0803 4312 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:13:28.0803 4312 HpSAMD - ok
16:13:28.0849 4312 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:13:28.0896 4312 HTTP - ok
16:13:28.0912 4312 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:13:28.0912 4312 hwpolicy - ok
16:13:28.0943 4312 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:13:28.0959 4312 i8042prt - ok
16:13:29.0005 4312 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys
16:13:29.0021 4312 iaStor - ok
16:13:29.0052 4312 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:13:29.0052 4312 IAStorDataMgrSvc - ok
16:13:29.0083 4312 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:13:29.0115 4312 iaStorV - ok
16:13:29.0146 4312 [ 8A4EC1C3F10385181B1066120C610AE5 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
16:13:29.0161 4312 iBtFltCoex - ok
16:13:29.0208 4312 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:29.0286 4312 idsvc - ok
16:13:29.0614 4312 [ 978D876A581D57E0DE6437674EB0014D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:13:29.0988 4312 igfx - ok
16:13:30.0019 4312 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:13:30.0035 4312 iirsp - ok
16:13:30.0082 4312 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:13:30.0113 4312 IKEEXT - ok
16:13:30.0144 4312 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
16:13:30.0160 4312 intaud_WaveExtensible - ok
16:13:30.0207 4312 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
16:13:30.0222 4312 IntcDAud - ok
16:13:30.0238 4312 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:13:30.0238 4312 intelide - ok
16:13:30.0285 4312 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:13:30.0300 4312 intelppm - ok
16:13:30.0316 4312 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:13:30.0316 4312 IPBusEnum - ok
16:13:30.0363 4312 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:30.0363 4312 IpFilterDriver - ok
16:13:30.0409 4312 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:13:30.0441 4312 iphlpsvc - ok
16:13:30.0456 4312 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:13:30.0472 4312 IPMIDRV - ok
16:13:30.0487 4312 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:13:30.0503 4312 IPNAT - ok
16:13:30.0534 4312 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:13:30.0550 4312 IRENUM - ok
16:13:30.0550 4312 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:13:30.0565 4312 isapnp - ok
16:13:30.0597 4312 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:13:30.0612 4312 iScsiPrt - ok
16:13:30.0659 4312 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\drivers\iwdbus.sys
16:13:30.0675 4312 iwdbus - ok
16:13:30.0706 4312 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:13:30.0721 4312 kbdclass - ok
16:13:30.0737 4312 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:13:30.0737 4312 kbdhid - ok
16:13:30.0753 4312 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:13:30.0753 4312 KeyIso - ok
16:13:30.0784 4312 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:13:30.0799 4312 KSecDD - ok
16:13:30.0815 4312 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:13:30.0831 4312 KSecPkg - ok
16:13:30.0846 4312 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:13:30.0846 4312 ksthunk - ok
16:13:30.0893 4312 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:13:30.0909 4312 KtmRm - ok
16:13:30.0940 4312 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
16:13:30.0955 4312 L1C - ok
16:13:30.0987 4312 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:13:31.0018 4312 LanmanServer - ok
16:13:31.0033 4312 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:13:31.0049 4312 LanmanWorkstation - ok
16:13:31.0080 4312 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:13:31.0096 4312 lltdio - ok
16:13:31.0111 4312 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:13:31.0143 4312 lltdsvc - ok
16:13:31.0158 4312 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:13:31.0174 4312 lmhosts - ok
16:13:31.0221 4312 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:13:31.0252 4312 LMS - ok
16:13:31.0283 4312 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:13:31.0299 4312 LSI_FC - ok
16:13:31.0314 4312 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:13:31.0330 4312 LSI_SAS - ok
16:13:31.0345 4312 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:13:31.0345 4312 LSI_SAS2 - ok
16:13:31.0377 4312 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:13:31.0392 4312 LSI_SCSI - ok
16:13:31.0423 4312 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:13:31.0423 4312 luafv - ok
16:13:31.0455 4312 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:13:31.0470 4312 Mcx2Svc - ok
16:13:31.0486 4312 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:13:31.0501 4312 megasas - ok
16:13:31.0533 4312 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:13:31.0548 4312 MegaSR - ok
16:13:31.0564 4312 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
16:13:31.0579 4312 MEIx64 - ok
16:13:31.0611 4312 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
16:13:31.0626 4312 MemeoBackgroundService - ok
16:13:31.0642 4312 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:13:31.0657 4312 MMCSS - ok
16:13:31.0673 4312 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:13:31.0689 4312 Modem - ok
16:13:31.0704 4312 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:13:31.0720 4312 monitor - ok
16:13:31.0751 4312 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:13:31.0751 4312 mouclass - ok
16:13:31.0782 4312 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:13:31.0798 4312 mouhid - ok
16:13:31.0829 4312 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:13:31.0829 4312 mountmgr - ok
16:13:31.0876 4312 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:13:31.0891 4312 mpio - ok
16:13:31.0907 4312 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:13:31.0923 4312 mpsdrv - ok
16:13:31.0954 4312 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:13:32.0001 4312 MpsSvc - ok
16:13:32.0016 4312 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:13:32.0032 4312 MRxDAV - ok
16:13:32.0063 4312 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:32.0079 4312 mrxsmb - ok
16:13:32.0110 4312 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:32.0125 4312 mrxsmb10 - ok
16:13:32.0141 4312 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:32.0157 4312 mrxsmb20 - ok
16:13:32.0172 4312 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:13:32.0172 4312 msahci - ok
16:13:32.0203 4312 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:13:32.0219 4312 msdsm - ok
16:13:32.0250 4312 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:13:32.0266 4312 MSDTC - ok
16:13:32.0297 4312 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:13:32.0297 4312 Msfs - ok
16:13:32.0328 4312 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:13:32.0328 4312 mshidkmdf - ok
16:13:32.0344 4312 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:13:32.0359 4312 msisadrv - ok
16:13:32.0375 4312 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:13:32.0391 4312 MSiSCSI - ok
16:13:32.0406 4312 msiserver - ok
16:13:32.0422 4312 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:13:32.0422 4312 MSKSSRV - ok
16:13:32.0437 4312 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:32.0437 4312 MSPCLOCK - ok
16:13:32.0453 4312 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:13:32.0453 4312 MSPQM - ok
16:13:32.0484 4312 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:13:32.0500 4312 MsRPC - ok
16:13:32.0531 4312 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:13:32.0531 4312 mssmbios - ok
16:13:32.0547 4312 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:13:32.0547 4312 MSTEE - ok
16:13:32.0562 4312 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:13:32.0578 4312 MTConfig - ok
16:13:32.0593 4312 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:13:32.0609 4312 Mup - ok
16:13:32.0656 4312 [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:13:32.0687 4312 MyWiFiDHCPDNS - ok
16:13:32.0734 4312 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:13:32.0749 4312 napagent - ok
16:13:32.0796 4312 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:13:32.0812 4312 NativeWifiP - ok
16:13:32.0874 4312 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:13:32.0921 4312 NDIS - ok
16:13:32.0952 4312 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:32.0952 4312 NdisCap - ok
16:13:32.0983 4312 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:32.0999 4312 NdisTapi - ok
16:13:33.0015 4312 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:33.0030 4312 Ndisuio - ok
16:13:33.0046 4312 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:33.0061 4312 NdisWan - ok
16:13:33.0093 4312 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:13:33.0093 4312 NDProxy - ok
16:13:33.0108 4312 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:13:33.0124 4312 NetBIOS - ok
16:13:33.0155 4312 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:13:33.0171 4312 NetBT - ok
16:13:33.0186 4312 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:13:33.0186 4312 Netlogon - ok
16:13:33.0233 4312 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:13:33.0264 4312 Netman - ok
16:13:33.0280 4312 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:13:33.0311 4312 netprofm - ok
16:13:33.0327 4312 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:13:33.0358 4312 NetTcpPortSharing - ok
16:13:33.0592 4312 [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
16:13:33.0857 4312 NETwNs64 - ok
16:13:33.0904 4312 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:13:33.0904 4312 nfrd960 - ok
16:13:33.0935 4312 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:13:33.0982 4312 NlaSvc - ok
16:13:33.0997 4312 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:13:34.0013 4312 Npfs - ok
16:13:34.0029 4312 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:13:34.0044 4312 nsi - ok
16:13:34.0044 4312 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:13:34.0060 4312 nsiproxy - ok
16:13:34.0122 4312 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:13:34.0216 4312 Ntfs - ok
16:13:34.0231 4312 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:13:34.0231 4312 Null - ok
16:13:34.0263 4312 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
16:13:34.0263 4312 nusb3hub - ok
16:13:34.0294 4312 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
16:13:34.0309 4312 nusb3xhc - ok
16:13:34.0653 4312 [ E97E8C80793EF12C994607CA5645799A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:13:35.0074 4312 nvlddmkm - ok
16:13:35.0105 4312 [ 50612BD6943B9CB20008E9E241DC8B7D ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
16:13:35.0121 4312 nvpciflt - ok
16:13:35.0152 4312 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:13:35.0167 4312 nvraid - ok
16:13:35.0199 4312 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:13:35.0214 4312 nvstor - ok
16:13:35.0277 4312 [ F355C26FDE46EDB911E3E3D749E985AE ] nvsvc C:\Windows\system32\nvvsvc.exe
16:13:35.0339 4312 nvsvc - ok
16:13:35.0433 4312 [ 03AA7307C0D92D38D7AF90E181736B8D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:13:35.0511 4312 nvUpdatusService - ok
16:13:35.0526 4312 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:13:35.0542 4312 nv_agp - ok
16:13:35.0635 4312 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:13:35.0682 4312 odserv - ok
16:13:35.0807 4312 [ B659DAD6C3D1860C7FCEB94FC2FE165C ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
16:13:35.0854 4312 OfficeSvc - ok
16:13:35.0885 4312 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:13:35.0901 4312 ohci1394 - ok
16:13:35.0947 4312 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:35.0979 4312 ose - ok
16:13:36.0181 4312 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:13:36.0337 4312 osppsvc - ok
16:13:36.0369 4312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:13:36.0400 4312 p2pimsvc - ok
16:13:36.0431 4312 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:13:36.0462 4312 p2psvc - ok
16:13:36.0478 4312 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:13:36.0493 4312 Parport - ok
16:13:36.0509 4312 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:13:36.0525 4312 partmgr - ok
16:13:36.0540 4312 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:13:36.0556 4312 PcaSvc - ok
16:13:36.0571 4312 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:13:36.0603 4312 pci - ok
16:13:36.0618 4312 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:13:36.0618 4312 pciide - ok
16:13:36.0649 4312 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:13:36.0665 4312 pcmcia - ok
16:13:36.0696 4312 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:13:36.0712 4312 pcw - ok
16:13:36.0743 4312 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:13:36.0790 4312 PEAUTH - ok
16:13:36.0805 4312 [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys
16:13:36.0821 4312 PEGAGFN - ok
16:13:36.0899 4312 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:13:36.0915 4312 PerfHost - ok
16:13:36.0977 4312 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:13:37.0055 4312 pla - ok
16:13:37.0117 4312 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:13:37.0149 4312 PlugPlay - ok
16:13:37.0164 4312 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:13:37.0180 4312 PNRPAutoReg - ok
16:13:37.0195 4312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:13:37.0211 4312 PNRPsvc - ok
16:13:37.0242 4312 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:13:37.0273 4312 PolicyAgent - ok
16:13:37.0305 4312 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:13:37.0320 4312 Power - ok
16:13:37.0351 4312 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:13:37.0367 4312 PptpMiniport - ok
16:13:37.0383 4312 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:13:37.0398 4312 Processor - ok
16:13:37.0429 4312 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:13:37.0461 4312 ProfSvc - ok
16:13:37.0476 4312 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:13:37.0476 4312 ProtectedStorage - ok
16:13:37.0507 4312 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:13:37.0523 4312 Psched - ok
16:13:37.0554 4312 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
16:13:37.0570 4312 PSI_SVC_2 - ok
16:13:37.0679 4312 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:13:37.0757 4312 ql2300 - ok
16:13:37.0788 4312 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:13:37.0788 4312 ql40xx - ok
16:13:37.0819 4312 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:13:37.0851 4312 QWAVE - ok
16:13:37.0866 4312 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:13:37.0866 4312 QWAVEdrv - ok
16:13:37.0897 4312 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:13:37.0897 4312 RasAcd - ok
16:13:37.0929 4312 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:37.0929 4312 RasAgileVpn - ok
16:13:37.0960 4312 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:13:37.0960 4312 RasAuto - ok
16:13:37.0975 4312 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:37.0991 4312 Rasl2tp - ok
16:13:38.0007 4312 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:13:38.0053 4312 RasMan - ok
16:13:38.0069 4312 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:38.0085 4312 RasPppoe - ok
16:13:38.0085 4312 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:13:38.0100 4312 RasSstp - ok
16:13:38.0116 4312 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:13:38.0147 4312 rdbss - ok
16:13:38.0178 4312 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:13:38.0178 4312 rdpbus - ok
16:13:38.0194 4312 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:38.0194 4312 RDPCDD - ok
16:13:38.0225 4312 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:13:38.0225 4312 RDPENCDD - ok
16:13:38.0256 4312 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:13:38.0256 4312 RDPREFMP - ok
16:13:38.0287 4312 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:13:38.0303 4312 RDPWD - ok
16:13:38.0319 4312 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:13:38.0334 4312 rdyboost - ok
16:13:38.0397 4312 [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:13:38.0443 4312 RegSrvc - ok
16:13:38.0475 4312 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:13:38.0490 4312 RemoteAccess - ok
16:13:38.0521 4312 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:13:38.0537 4312 RemoteRegistry - ok
16:13:38.0584 4312 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:13:38.0599 4312 RFCOMM - ok
16:13:38.0662 4312 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
16:13:38.0693 4312 RichVideo64 - ok
16:13:38.0709 4312 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:13:38.0724 4312 RpcEptMapper - ok
16:13:38.0740 4312 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:13:38.0755 4312 RpcLocator - ok
16:13:38.0771 4312 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:13:38.0787 4312 RpcSs - ok
16:13:38.0818 4312 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:13:38.0833 4312 rspndr - ok
16:13:38.0833 4312 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:13:38.0849 4312 SamSs - ok
16:13:38.0865 4312 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:13:38.0880 4312 sbp2port - ok
16:13:38.0896 4312 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:13:38.0927 4312 SCardSvr - ok
16:13:38.0927 4312 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:13:38.0943 4312 scfilter - ok
16:13:38.0989 4312 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:13:39.0036 4312 Schedule - ok
16:13:39.0067 4312 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:13:39.0067 4312 SCPolicySvc - ok
16:13:39.0083 4312 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:13:39.0114 4312 SDRSVC - ok
16:13:39.0130 4312 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:13:39.0130 4312 secdrv - ok
16:13:39.0145 4312 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:13:39.0161 4312 seclogon - ok
16:13:39.0177 4312 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:13:39.0192 4312 SENS - ok
16:13:39.0192 4312 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:13:39.0208 4312 SensrSvc - ok
16:13:39.0239 4312 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:13:39.0239 4312 Serenum - ok
16:13:39.0270 4312 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:13:39.0286 4312 Serial - ok
16:13:39.0317 4312 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:13:39.0333 4312 sermouse - ok
16:13:39.0364 4312 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:13:39.0379 4312 SessionEnv - ok
16:13:39.0395 4312 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:13:39.0411 4312 sffdisk - ok
16:13:39.0442 4312 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:13:39.0442 4312 sffp_mmc - ok
16:13:39.0457 4312 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:13:39.0473 4312 sffp_sd - ok
16:13:39.0489 4312 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:13:39.0489 4312 sfloppy - ok
16:13:39.0535 4312 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:13:39.0567 4312 SharedAccess - ok
16:13:39.0582 4312 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:13:39.0613 4312 ShellHWDetection - ok
16:13:39.0645 4312 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:13:39.0645 4312 SiSRaid2 - ok
16:13:39.0660 4312 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:13:39.0676 4312 SiSRaid4 - ok
16:13:39.0707 4312 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:13:39.0723 4312 Smb - ok
16:13:39.0769 4312 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:13:39.0769 4312 SNMPTRAP - ok
16:13:39.0785 4312 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:13:39.0801 4312 spldr - ok
16:13:39.0832 4312 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:13:39.0863 4312 Spooler - ok
16:13:39.0957 4312 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:13:40.0081 4312 sppsvc - ok
16:13:40.0097 4312 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:13:40.0113 4312 sppuinotify - ok
16:13:40.0144 4312 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:13:40.0175 4312 srv - ok
16:13:40.0206 4312 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:13:40.0253 4312 srv2 - ok
16:13:40.0269 4312 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:13:40.0284 4312 srvnet - ok
16:13:40.0315 4312 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:13:40.0347 4312 SSDPSRV - ok
16:13:40.0362 4312 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:13:40.0378 4312 SstpSvc - ok
16:13:40.0409 4312 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:13:40.0409 4312 stexstor - ok
16:13:40.0456 4312 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:13:40.0503 4312 stisvc - ok
16:13:40.0518 4312 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:13:40.0534 4312 swenum - ok
16:13:40.0549 4312 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:13:40.0612 4312 swprv - ok
16:13:40.0643 4312 [ 772493A8945495F1A287BF6C4CA25B48 ] SynTP C:\Windows\system32\drivers\SynTP.sys
16:13:40.0674 4312 SynTP - ok
16:13:40.0737 4312 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:13:40.0799 4312 SysMain - ok
16:13:40.0830 4312 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:13:40.0846 4312 TabletInputService - ok
16:13:40.0861 4312 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:13:40.0893 4312 TapiSrv - ok
16:13:40.0924 4312 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:13:40.0924 4312 TBS - ok
16:13:41.0017 4312 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:13:41.0111 4312 Tcpip - ok
16:13:41.0205 4312 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:13:41.0236 4312 TCPIP6 - ok
16:13:41.0267 4312 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:13:41.0267 4312 tcpipreg - ok
16:13:41.0298 4312 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:13:41.0314 4312 TDPIPE - ok
16:13:41.0329 4312 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:13:41.0345 4312 TDTCP - ok
16:13:41.0361 4312 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:13:41.0376 4312 tdx - ok
16:13:41.0392 4312 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:13:41.0392 4312 TermDD - ok
16:13:41.0439 4312 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:13:41.0470 4312 TermService - ok
16:13:41.0485 4312 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:13:41.0501 4312 Themes - ok
16:13:41.0532 4312 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:13:41.0548 4312 THREADORDER - ok
16:13:41.0563 4312 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:13:41.0579 4312 TrkWks - ok
16:13:41.0626 4312 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:13:41.0641 4312 TrustedInstaller - ok
16:13:41.0657 4312 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:41.0657 4312 tssecsrv - ok
16:13:41.0688 4312 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:13:41.0688 4312 TsUsbFlt - ok
16:13:41.0719 4312 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:13:41.0735 4312 TsUsbGD - ok
16:13:41.0766 4312 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:13:41.0782 4312 tunnel - ok
16:13:41.0797 4312 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:13:41.0813 4312 uagp35 - ok
16:13:41.0844 4312 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:13:41.0860 4312 udfs - ok
16:13:41.0891 4312 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:13:41.0907 4312 UI0Detect - ok
16:13:41.0938 4312 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:13:41.0953 4312 uliagpkx - ok
16:13:41.0985 4312 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:13:41.0985 4312 umbus - ok
16:13:42.0000 4312 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:13:42.0016 4312 UmPass - ok
16:13:42.0125 4312 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:13:42.0219 4312 UNS - ok
16:13:42.0250 4312 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:13:42.0281 4312 upnphost - ok
16:13:42.0297 4312 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:42.0312 4312 usbccgp - ok
16:13:42.0328 4312 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:13:42.0343 4312 usbcir - ok
16:13:42.0359 4312 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:13:42.0375 4312 usbehci - ok
16:13:42.0390 4312 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
16:13:42.0421 4312 usbhub - ok
16:13:42.0437 4312 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:13:42.0453 4312 usbohci - ok
16:13:42.0468 4312 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:13:42.0484 4312 usbprint - ok
16:13:42.0515 4312 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:13:42.0531 4312 usbscan - ok
16:13:42.0562 4312 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:42.0577 4312 USBSTOR - ok
16:13:42.0593 4312 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:13:42.0593 4312 usbuhci - ok
16:13:42.0624 4312 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:13:42.0640 4312 usbvideo - ok
16:13:42.0671 4312 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:13:42.0687 4312 UxSms - ok
16:13:42.0687 4312 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:13:42.0702 4312 VaultSvc - ok
16:13:42.0718 4312 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:13:42.0733 4312 vdrvroot - ok
16:13:42.0749 4312 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:13:42.0811 4312 vds - ok
16:13:42.0843 4312 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:42.0843 4312 vga - ok
16:13:42.0858 4312 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:13:42.0874 4312 VgaSave - ok
16:13:42.0889 4312 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:13:42.0921 4312 vhdmp - ok
16:13:42.0936 4312 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:13:42.0952 4312 viaide - ok
16:13:42.0967 4312 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:13:42.0983 4312 volmgr - ok
16:13:42.0999 4312 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:13:43.0030 4312 volmgrx - ok
16:13:43.0061 4312 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:13:43.0077 4312 volsnap - ok
16:13:43.0123 4312 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:13:43.0139 4312 vsmraid - ok
16:13:43.0186 4312 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:13:43.0279 4312 VSS - ok
16:13:43.0295 4312 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:13:43.0311 4312 vwifibus - ok
16:13:43.0326 4312 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:13:43.0342 4312 vwififlt - ok
16:13:43.0357 4312 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:13:43.0357 4312 vwifimp - ok
16:13:43.0404 4312 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:13:43.0435 4312 W32Time - ok
16:13:43.0467 4312 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:13:43.0467 4312 WacomPen - ok
16:13:43.0498 4312 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:13:43.0513 4312 WANARP - ok
16:13:43.0529 4312 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:13:43.0529 4312 Wanarpv6 - ok
16:13:43.0560 4312 [ 261A725F8ACEDDA695C7FFF6D6EDE6B5 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe
16:13:43.0576 4312 watchmi - ok
16:13:43.0654 4312 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:13:43.0716 4312 wbengine - ok
16:13:43.0732 4312 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:13:43.0763 4312 WbioSrvc - ok
16:13:43.0779 4312 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:13:43.0810 4312 wcncsvc - ok
16:13:43.0841 4312 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:13:43.0841 4312 WcsPlugInService - ok
16:13:43.0872 4312 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:13:43.0872 4312 Wd - ok
16:13:43.0919 4312 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:13:43.0981 4312 Wdf01000 - ok
16:13:43.0997 4312 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:13:44.0013 4312 WdiServiceHost - ok
16:13:44.0028 4312 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:13:44.0044 4312 WdiSystemHost - ok
16:13:44.0059 4312 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:13:44.0091 4312 WebClient - ok
16:13:44.0106 4312 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:13:44.0122 4312 Wecsvc - ok
16:13:44.0137 4312 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:13:44.0153 4312 wercplsupport - ok
16:13:44.0184 4312 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:13:44.0200 4312 WerSvc - ok
16:13:44.0247 4312 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:13:44.0247 4312 WfpLwf - ok
16:13:44.0262 4312 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:13:44.0278 4312 WIMMount - ok
16:13:44.0309 4312 WinDefend - ok
16:13:44.0309 4312 WinHttpAutoProxySvc - ok
16:13:44.0371 4312 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:13:44.0403 4312 Winmgmt - ok
16:13:44.0465 4312 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:13:44.0559 4312 WinRM - ok
16:13:44.0605 4312 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
16:13:44.0621 4312 WinUsb - ok
16:13:44.0652 4312 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:13:44.0699 4312 Wlansvc - ok
16:13:44.0730 4312 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:13:44.0746 4312 wlcrasvc - ok
16:13:44.0839 4312 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:13:44.0917 4312 wlidsvc - ok
16:13:44.0917 4312 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:13:44.0933 4312 WmiAcpi - ok
16:13:44.0964 4312 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:13:44.0980 4312 wmiApSrv - ok
16:13:45.0027 4312 WMPNetworkSvc - ok
16:13:45.0042 4312 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:13:45.0058 4312 WPCSvc - ok
16:13:45.0073 4312 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:13:45.0089 4312 WPDBusEnum - ok
16:13:45.0120 4312 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:13:45.0120 4312 ws2ifsl - ok
16:13:45.0151 4312 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:13:45.0167 4312 wscsvc - ok
16:13:45.0167 4312 WSearch - ok
16:13:45.0261 4312 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:13:45.0354 4312 wuauserv - ok
16:13:45.0370 4312 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:13:45.0385 4312 WudfPf - ok
16:13:45.0401 4312 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:45.0417 4312 WUDFRd - ok
16:13:45.0448 4312 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:13:45.0463 4312 wudfsvc - ok
16:13:45.0479 4312 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:13:45.0495 4312 WwanSvc - ok
16:13:45.0541 4312 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
16:13:45.0557 4312 xusb21 - ok
16:13:45.0588 4312 ================ Scan global ===============================
16:13:45.0604 4312 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:13:45.0635 4312 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:13:45.0682 4312 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:13:45.0713 4312 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:13:45.0760 4312 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:13:45.0791 4312 [Global] - ok
16:13:45.0791 4312 ================ Scan MBR ==================================
16:13:45.0807 4312 [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
16:13:51.0766 4312 \Device\Harddisk0\DR0 - ok
16:13:51.0766 4312 ================ Scan VBR ==================================
16:13:51.0781 4312 [ 8258BDA4AD2F287A4770B18255AEF14A ] \Device\Harddisk0\DR0\Partition1
16:13:51.0781 4312 \Device\Harddisk0\DR0\Partition1 - ok
16:13:51.0813 4312 [ A07423F1CF94CBFC342FB18D08226CE4 ] \Device\Harddisk0\DR0\Partition2
16:13:51.0828 4312 \Device\Harddisk0\DR0\Partition2 - ok
16:13:51.0859 4312 [ 741F0DF247989B217406A831BC9782F7 ] \Device\Harddisk0\DR0\Partition3
16:13:51.0859 4312 \Device\Harddisk0\DR0\Partition3 - ok
16:13:51.0859 4312 ============================================================
16:13:51.0859 4312 Scan finished
16:13:51.0859 4312 ============================================================
16:13:51.0891 0804 Detected object count: 0
16:13:51.0891 0804 Actual detected object count: 0
Schritt 4: Scan mit DDS+ (mit attach) Hier das dds-logfile: DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Thorben at 16:31:24 on 2013-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4007.2411 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\watchmi\TvdService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\PHotkey\PHotkey.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\PHotkey\ATouch64.exe
C:\Program Files (x86)\PHotkey\PVDesktop.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\PHotkey\PVDAgent.exe
C:\Program Files (x86)\PHotkey\POSD.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://www.aldi.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Thorben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\ANWEND~1\Arbeit\OFFICE~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{3A44F70F-91A9-4ED3-A205-E742C1166F1C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D4ECBD93-2721-4AC3-95B0-64293A4227C1} : DHCPNameServer = 192.168.2.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-11-10 28992]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-2 28600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-7 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-7 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-2 100712]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-11-10 198784]
R2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-4-14 70952]
R2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-4-14 312616]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [2011-11-10 156672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-10 13592]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-9-28 25824]
R2 OfficeSvc;Microsoft Office-Dienst;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-2 1861288]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\PHotkey\PEGAGFN.sys [2011-11-10 14344]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-11-17 386344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-10 2655768]
R2 watchmi;watchmi service;C:\Program Files (x86)\watchmi\TvdService.exe [2011-10-7 70144]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-7-20 282624]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-11-17 31216]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-7-20 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-11-10 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-9-9 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-3 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-13 87552]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-13 207872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-10-23 46592]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-9-9 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-16 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-04-06 13:14:28 -------- d-----w- C:\Users\Thorben\AppData\Local\{1F9CF275-7A46-4E69-9FAE-B89C9781D9CD}
2013-04-05 22:34:53 -------- d-----w- C:\Users\Thorben\AppData\Local\{6094306D-A79B-48D5-B951-3D8DBD834135}
2013-04-03 20:58:18 -------- d-----w- C:\Users\Thorben\AppData\Local\{27581484-ACC4-4052-BF15-C471E0CB8669}
2013-04-02 19:37:58 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-04-02 19:37:58 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-04-02 19:18:16 -------- d-----w- C:\Users\Thorben\AppData\Local\{886DEA3B-74E2-43D6-8F89-52A4236BD831}
2013-04-02 18:43:18 -------- d-----w- C:\Users\Thorben\AppData\Local\{7A339863-DE41-4947-9C64-0CA5FBC087C7}
2013-04-01 21:39:22 -------- d-----w- C:\Users\Thorben\AppData\Local\{063AFCE1-8E62-44AE-8295-38FEA7DBE635}
2013-03-29 11:35:56 -------- d-----w- C:\Users\Thorben\AppData\Local\{331BFC02-BEF6-40C2-9701-8557D768C43D}
2013-03-25 22:07:02 -------- d-----w- C:\Users\Thorben\AppData\Roaming\Veuva
2013-03-25 22:07:02 -------- d-----w- C:\Users\Thorben\AppData\Roaming\Ulvus
2013-03-25 22:07:02 -------- d-----w- C:\Users\Thorben\AppData\Roaming\Tuyr
2013-03-25 21:09:37 -------- d-----w- C:\Users\Thorben\AppData\Local\{6D4A2C70-EC02-4153-BB81-39B627FB4CE6}
2013-03-23 16:36:40 -------- d-----w- C:\Users\Thorben\AppData\Local\{203100CB-512A-4E6A-89E3-70D4B7517F29}
2013-03-22 18:16:15 -------- d-----w- C:\Users\Thorben\AppData\Local\{3024DA7D-C719-4142-8BB0-404B2BF119FE}
2013-03-20 21:44:30 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-19 20:15:51 -------- d-----w- C:\Users\Thorben\AppData\Local\{F9099AF7-1289-474D-92A3-61577A40DB38}
2013-03-18 21:50:15 -------- d-----w- C:\Users\Thorben\AppData\Local\Paint.NET
2013-03-17 15:30:57 -------- d-----w- C:\Users\Thorben\AppData\Local\{92C6D5BE-B2F6-4667-8205-E15CCB739473}
2013-03-16 19:24:29 -------- d-----w- C:\Users\Thorben\AppData\Local\{9874D570-CC26-4309-A7DF-0D340B1193F2}
2013-03-13 14:40:05 -------- d-----w- C:\Users\Thorben\AppData\Local\{8A9BE8B3-FE32-48A2-90BC-3FEDF29579C2}
2013-03-11 16:38:07 -------- d-----w- C:\Users\Thorben\AppData\Local\{65C9A795-7848-4947-821D-D14DEBDE50B8}
2013-03-09 21:35:09 -------- d-----w- C:\Users\Thorben\AppData\Local\{1EB5C19E-C5E8-4979-A175-8A69063BF455}
2013-03-08 10:29:59 -------- d-----w- C:\Users\Thorben\AppData\Local\{E8D42D29-5976-4178-8BF9-0FCCEE118644}
.
==================== Find3M ====================
.
2013-03-14 20:22:50 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 20:22:50 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-04 08:07:22 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-03-04 08:07:22 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 16:32:05,88 ===============
--- --- --- Hier das attach-logfile: Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17.02.2012 09:55:01
System Uptime: 06.04.2013 15:10:47 (1 hours ago)
.
Motherboard: Medion | | P6634
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 405 GiB total, 314,39 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 30,006 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP63: 21.03.2013 18:28:05 - Windows Update
RP64: 29.03.2013 12:40:35 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
Adobe Shockwave Player 11.6
AeroFly Professional Deluxe
AeroFly Professional Deluxe AddOn FMT Magazin
Alcor Micro USB Card Reader
ALDI SÜD Mah Jong
AMI VR-pulse OS Switcher
Ashampoo Burning Studio
Ashampoo Photo Commander
Ashampoo Photo Optimizer
Ashampoo Snap
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
Conexant HD Audio
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
CorelDRAW Essentials X5
CorelDRAW Essentials X5 - Common
CorelDRAW Essentials X5 - Connect
CorelDRAW Essentials X5 - Custom Data
CorelDRAW Essentials X5 - DE
CorelDRAW Essentials X5 - Draw
CorelDRAW Essentials X5 - EN
CorelDRAW Essentials X5 - ES
CorelDRAW Essentials X5 - Extra Content
CorelDRAW Essentials X5 - Filters
CorelDRAW Essentials X5 - FR
CorelDRAW Essentials X5 - IPM
CorelDRAW Essentials X5 - IT
CorelDRAW Essentials X5 - PHOTO-PAINT
CorelDRAW Essentials X5 - Redist
CorelDRAW Essentials X5 - Setup Files
CorelDRAW Essentials X5 - WT
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink WaveEditor
CyberLink YouCam 5
D3DX10
Dolby Advanced Audio v2
DVD Shrink 3.2
DVD Shrink 3.2 deutsch (DeCSS-frei)
Fotogalerija Windows Live
Free M4a to MP3 Converter 7.0
Free YouTube to MP3 Converter version 3.11.17.319
Fritz und Fertig 1
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Intel(R) Wireless Display
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 29 (64-bit)
Junk Mail filter update
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Landwirtschafts Simulator 2011
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
LEGO MINDSTORMS NXT Software v2.0
LEGO MINDSTORMS NXT x64 Driver
LEGO MINDSTORMS NXT x64 Driver Support
LEGO® Star Wars™: Die Komplette Saga
LEGO® Star Wars™: The Complete Saga
Medion Home Cinema
Mein CEWE FOTOBUCH
Memeo Instant Backup
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mathematics (64-Bit)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Plus 2013 - de-de
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Moorhuhn Piraten
Mp3tag v2.51
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
Nero 6 (32-bit)
NI VC2008MSMs x64
NI VC2008MSMs x86
NVIDIA Control Panel 285.64
NVIDIA Graphics Driver 285.64
NVIDIA Install Application
NVIDIA Optimus 1.5.20
NVIDIA PhysX
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Paint.NET v3.5.10
PCSUITE SHREDDER
PDFCreator
phase-6 2.3.1a
PHotkey
PlayReady PC Runtime amd64
Pošta Windows Live
Raccolta foto di Windows Live
Renesas Electronics USB 3.0 Host Controller Driver
Schach.de
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SL-6555-SBK
Spelling Dictionaries Support For Adobe Reader X
swMSM
Synaptics Pointing Device Driver
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Versandhelfer
VLC media player 2.0.0
watchmi
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Youda Legend
.
==== End Of File ===========================
So, hoffe habe alles richtig gemacht! Gruß Michael |
|
06.04.2013, 15:54
| #4 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Ja alles prima und ein ganz schlimmer Schädling ist es schonmal nicht. Weiter: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
06.04.2013, 16:57
| #5 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Ryder, das geht ja schnell….. Habe WLAN ausgeschaltet und bei AVIRA den Echtzeit-Scanner deaktiviert. Trotz allem meckerte AVIRA kurz und meldete „Registry blockiert“. Combofix wurde gestartet. Es öffnete sich ein Fenster in dem folgende Meldungen erschienen: Code:
ATTFilter Suche nach infizierten Dateien….
Dies dauert normalerweise nicht länger als 10 Minuten.
Die Scanzeit für stark infizierte Rechner kann sich leicht verdoppeln.
Fertiggestellt Stufe_1
Fertiggestellt Stufe_2
Fertiggestellt Stufe_3
Fertiggestellt Stufe_4
Ein Logfile wurde nicht erstellt. Ich habe nun das oben beschriebene „Combofix-Fenster“ geschlossen und diese Antwort verfasst. Soll ich AVIRA ganz abschalten (wie geht das überhaupt?)? In diesem Zusammenhang: Im AVIRA-Quarantäne-Ordner liegen folgende Dateien/Meldungen: TR/PSW.Zbot.73728.247 (Quelle C:\Users\Thorben\Appdata\Roaming\ie_util.exe) TR/Spy.ZBot.akt (Quelle C:\Users\Thorben\Appdata\Roaming\Voges\xaeja.exe) TR/Spy.ZBot.jxyx (Quelle C:\Users\Thorben\Appdata\Roaming\Ulvus\yhgo.exe) Gruß Michael |
|
06.04.2013, 17:00
| #6 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Bitte Combofix.exe umbenennen in NoMBR.exe und nochmals probieren.
__________________ --> Verdacht auf Tojaner - ZeuS + ZBot + Incredibar |
|
06.04.2013, 18:14
| #7 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Ryder, nun hats funktioniert. Hier das ComboFix-Logfile: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-04-06.01 - Thorben 06.04.2013 18:46:03.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4007.2277 [GMT 2:00]
ausgeführt von:: c:\users\Thorben\Desktop\NoMBR.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Roaming
c:\users\Thorben\AppData\Roaming\.#
c:\users\Thorben\AppData\Roaming\.#\MBX@193C@2C2740.###
c:\users\Thorben\AppData\Roaming\.#\MBX@193C@2C2770.###
c:\users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
c:\users\Thorben\AppData\Roaming\skype.dat
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 ))))))))))))))))))))))))))))))
.
.
2013-04-06 16:53 . 2013-04-06 16:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-06 16:53 . 2013-04-06 16:53 -------- d-----w- c:\users\Thorben_2\AppData\Local\temp
2013-04-06 16:53 . 2013-04-06 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 19:37 . 2013-04-02 19:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-02 19:37 . 2013-04-02 19:37 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-02 19:37 . 2013-04-02 19:37 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-25 22:07 . 2013-04-05 07:50 -------- d-----w- c:\users\Thorben\AppData\Roaming\Ulvus
2013-03-25 22:07 . 2013-04-04 14:43 -------- d-----w- c:\users\Thorben\AppData\Roaming\Veuva
2013-03-25 22:07 . 2013-03-25 22:07 -------- d-----w- c:\users\Thorben\AppData\Roaming\Tuyr
2013-03-20 21:44 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-18 21:50 . 2013-03-18 23:14 -------- d-----w- c:\users\Thorben\AppData\Local\Paint.NET
2013-03-13 15:58 . 2013-03-13 15:58 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 15:58 . 2013-03-13 15:58 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 20:22 . 2012-05-17 21:50 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 20:22 . 2011-11-07 16:44 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:00 . 2011-11-03 20:34 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 15:00 . 2013-03-01 23:07 563312 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-03-04 08:07 . 2012-09-11 20:08 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-04 08:07 . 2012-09-11 20:08 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-12 05:45 . 2013-03-13 15:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 15:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 15:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 15:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 15:23 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-28 00:14 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 00:14 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 00:14 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 00:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 00:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 00:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 00:14 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 00:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 00:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 00:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 00:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 00:14 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 00:14 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 00:14 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 00:14 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 00:14 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 00:14 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 00:14 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 00:14 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 00:14 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 00:14 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 00:14 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 00:14 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 00:14 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 00:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 00:14 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 00:14 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 00:14 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 00:14 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 00:14 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 00:14 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 00:14 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 00:14 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 00:14 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 00:14 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 00:14 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 00:14 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 00:14 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 00:14 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 00:14 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 00:14 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 00:14 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 00:14 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 00:14 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 00:14 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 00:14 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-03-13 15:13 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-03-13 15:13 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-03-13 15:13 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-02 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-09 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-16 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 28600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-02 86752]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-04-13 70952]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-04-13 312616]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2011-10-13 156672]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-02-25 1861288]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2011-10-07 70144]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31216]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-09-09 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-04-13 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-13 207872]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-01 20:30 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 20:22]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 08:47]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 08:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-03-13 15:13 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-03-13 15:13 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-03-13 15:13 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-03 392472]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Thorben\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\anwend~1\Arbeit\OFFICE~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-DVD Shrink DE_is1 - c:\anwendungen\Tools\DVD Shrink\DVD Shrink DE\unins000.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_¯\00\00¯\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¯\00\00¯\00\00\00\00x\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-06 18:56:10
ComboFix-quarantined-files.txt 2013-04-06 16:56
.
Vor Suchlauf: 16 Verzeichnis(se), 337.786.916.864 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 337.173.016.576 Bytes frei
.
- - End Of File - - F287DA19C8CCD1598D0DACF6703E1B95
Gruß Michael |
|
06.04.2013, 18:57
| #8 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Okay dann weiter: Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Deinstallation von Programmen
Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: Scan mit MBAR Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
06.04.2013, 21:11
| #9 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Ryder, weiter geht’s….. Schritt 1: Deinstallation von Programmen entfernt wurden: - Google Toolbar for Internet Explorer - Java(TM) 6 Update 29 - Java(TM) 6 Update 29 (64-bit) Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Hier der Logfile: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 21:07:27 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Thorben - THORBEN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thorben\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Thorben\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Thorben\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Thorben_2\AppData\LocalLow\incredibar.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [2103 octets] - [06/04/2013 21:07:27]
########## EOF - C:\AdwCleaner[S1].txt - [2163 octets] ##########
Schritt 3: Scan mit MBAR Hier kam die Meldung: Scan Finished: No malware found! Und hier der Logfile: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.06.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thorben :: THORBEN-PC [administrator]
06.04.2013 21:59:09
mbar-log-2013-04-06 (21-59-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30618
Time elapsed: 12 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Gruß Michael |
|
07.04.2013, 09:10
| #10 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Prima. Wir prüfen dann gerade noch deine Sicherheit. Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!  Schritt 2: Scan mit SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
07.04.2013, 22:44
| #11 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo Ryder, nach ca. 5 Std. Suchlauf (1 Trojaner wurde gefunden) hier das Logfile von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=89b18986ca167b4a8a0aade374888d27
# engine=13567
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-07 04:37:24
# local_time=2013-04-07 06:37:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 1046 230775934 0 0
# compatibility_mode=5893 16776574 100 94 35139110 116982494 0 0
# scanned=7
# found=0
# cleaned=0
# scan_time=5
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=89b18986ca167b4a8a0aade374888d27
# engine=13567
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-07 09:13:28
# local_time=2013-04-07 11:13:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17610 230792498 10385 0
# compatibility_mode=5893 16776574 100 94 34316874 116999058 0 0
# scanned=284236
# found=1
# cleaned=0
# scan_time=16484
sh=26F24A6DC8F344DFE386FE1899D7061AD8453C7E ft=1 fh=5c77f78f901270c8 vn="a variant of Win32/Kryptik.AXPR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Thorben\AppData\Roaming\skype.dat.vir"
…und hier das Logfile von SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.43
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Schönen Sonntag noch und viel Ruhe an deinem "freien" Montag!  Gruß Michael |
|
09.04.2013, 10:55
| #12 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Jepp den haben wir schon erledigt. Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Schritt 2: ESET deinstallieren (Optional)
Abschließend noch Tipps zu folgenden Themen:
Lesestoff:Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff:Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff:Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
 Lesestoff:Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
09.04.2013, 21:42
| #13 |
| | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Hallo ryder, habe nun alle Punkte abgearbeitet. Wie empfohlen habe ich die updates durchgeführt und ESET + MALWAREBYTES installiert. Ich bedanke mich sehr für deine Hilfe und die investierte Zeit! Vielen, vielen Dank! Gruß Michael |
|
10.04.2013, 13:25
| #14 |
| /// TB-Ausbilder | Verdacht auf Tojaner - ZeuS + ZBot + Incredibar Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Verdacht auf Tojaner - ZeuS + ZBot + Incredibar |
| absturz, adobe, antivir, avira, bho, browser, converter, defender, desktop, ebay, excel, firefox, flash player, format, helper, home, logfile, mp3, nvpciflt.sys, plug-in, registry, scan, schach, software, spielen, system, tojaner, usb, windows |
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
