Log analysis and evaluation: System Care Antivirus

18.06.2013, 15:07   #1
TyCore
 
System Care Antivirus



Hello everyone,

like my fellow sufferer bertram1, I was also hit by "System Care Antivirus" and would be glad if you could help me!

see here: http://www.trojaner-board.de/135241-...us-befall.html

After some initial research on the Internet, I deleted the folder "08D6D9468F1EC0A3000008D6D074C5AA" in safe mode; since then I have had full access to my system again. Whether that was really a good idea... but at least the folder was packed as a password-protected RAR before it was deleted (in case it is still of any use).

In case "my" deletion was not all that catastrophic, here is already the next step, the one markusg recommended back then.

Quote:
markusg /// Malware-holic

Re: System Care Antivirus infection
thx
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
[...]

Code:
13:29:59.0046 6068  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:29:59.0421 6068  ============================================================
13:29:59.0421 6068  Current date / time: 2013/06/18 13:29:59.0421
13:29:59.0421 6068  SystemInfo:
13:29:59.0421 6068  
13:29:59.0421 6068  OS Version: 6.1.7601 ServicePack: 1.0
13:29:59.0421 6068  Product type: Workstation
13:29:59.0421 6068  ComputerName: AS
13:29:59.0421 6068  UserName: Schirmayer
13:29:59.0421 6068  Windows directory: C:\Windows
13:29:59.0421 6068  System windows directory: C:\Windows
13:29:59.0421 6068  Processor architecture: Intel x86
13:29:59.0421 6068  Number of processors: 2
13:29:59.0421 6068  Page size: 0x1000
13:29:59.0421 6068  Boot type: Normal boot
13:29:59.0421 6068  ============================================================
13:30:00.0296 6068  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
13:30:00.0296 6068  ============================================================
13:30:00.0296 6068  \Device\Harddisk0\DR0:
13:30:00.0296 6068  MBR partitions:
13:30:00.0296 6068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:30:00.0296 6068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x74F9800
13:30:00.0296 6068  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x752C000, BlocksNum 0x61A8000
13:30:00.0312 6068  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xD6D4800, BlocksNum 0xF424000
13:30:00.0312 6068  ============================================================
13:30:00.0343 6068  C: <-> \Device\Harddisk0\DR0\Partition2
13:30:00.0390 6068  D: <-> \Device\Harddisk0\DR0\Partition3
13:30:00.0421 6068  E: <-> \Device\Harddisk0\DR0\Partition4
13:30:00.0421 6068  ============================================================
13:30:00.0421 6068  Initialize success
13:30:00.0421 6068  ============================================================
13:30:08.0375 4152  ============================================================
13:30:08.0375 4152  Scan started
13:30:08.0375 4152  Mode: Manual; SigCheck; TDLFS; 
13:30:08.0375 4152  ============================================================
13:30:08.0843 4152  ================ Scan system memory ========================
13:30:08.0843 4152  System memory - ok
13:30:08.0843 4152  ================ Scan services =============================
13:30:09.0000 4152  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:30:09.0078 4152  1394ohci - ok
13:30:09.0125 4152  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:30:09.0140 4152  ACPI - ok
13:30:09.0156 4152  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:30:09.0187 4152  AcpiPmi - ok
13:30:09.0250 4152  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:30:09.0250 4152  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:30:09.0250 4152  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:30:09.0328 4152  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:30:09.0343 4152  AdobeFlashPlayerUpdateSvc - ok
13:30:09.0390 4152  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:30:09.0406 4152  adp94xx - ok
13:30:09.0437 4152  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:30:09.0453 4152  adpahci - ok
13:30:09.0468 4152  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:30:09.0484 4152  adpu320 - ok
13:30:09.0515 4152  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:30:09.0531 4152  AeLookupSvc - ok
13:30:09.0593 4152  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
13:30:09.0625 4152  AFD - ok
13:30:09.0671 4152  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:30:09.0687 4152  agp440 - ok
13:30:09.0703 4152  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
13:30:09.0718 4152  aic78xx - ok
13:30:09.0734 4152  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
13:30:09.0750 4152  ALG - ok
13:30:09.0796 4152  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:30:09.0812 4152  aliide - ok
13:30:09.0828 4152  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:30:09.0843 4152  amdagp - ok
13:30:09.0859 4152  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:30:09.0875 4152  amdide - ok
13:30:09.0890 4152  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:30:09.0906 4152  AmdK8 - ok
13:30:09.0921 4152  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:30:09.0937 4152  AmdPPM - ok
13:30:09.0984 4152  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:30:10.0000 4152  amdsata - ok
13:30:10.0015 4152  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:30:10.0046 4152  amdsbs - ok
13:30:10.0062 4152  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:30:10.0078 4152  amdxata - ok
13:30:10.0156 4152  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:30:10.0171 4152  AntiVirSchedulerService - ok
13:30:10.0203 4152  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:30:10.0218 4152  AntiVirService - ok
13:30:10.0265 4152  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
13:30:10.0296 4152  AppID - ok
13:30:10.0328 4152  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:30:10.0375 4152  AppIDSvc - ok
13:30:10.0406 4152  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
13:30:10.0421 4152  Appinfo - ok
13:30:10.0468 4152  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:30:10.0484 4152  AppMgmt - ok
13:30:10.0500 4152  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:30:10.0515 4152  arc - ok
13:30:10.0531 4152  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:30:10.0546 4152  arcsas - ok
13:30:10.0671 4152  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:30:10.0687 4152  aspnet_state - ok
13:30:10.0703 4152  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:10.0781 4152  AsyncMac - ok
13:30:10.0812 4152  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
13:30:10.0828 4152  atapi - ok
13:30:10.0875 4152  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\Windows\system32\DRIVERS\athr.sys
13:30:11.0046 4152  athr - ok
13:30:11.0109 4152  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:30:11.0156 4152  AudioEndpointBuilder - ok
13:30:11.0171 4152  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:30:11.0203 4152  Audiosrv - ok
13:30:11.0234 4152  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:30:11.0265 4152  avgntflt - ok
13:30:11.0281 4152  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:30:11.0296 4152  avipbb - ok
13:30:11.0312 4152  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:30:11.0343 4152  avkmgr - ok
13:30:11.0375 4152  [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
13:30:11.0406 4152  avmaudio - ok
13:30:11.0453 4152  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:30:11.0484 4152  AxInstSV - ok
13:30:11.0515 4152  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
13:30:11.0546 4152  b06bdrv - ok
13:30:11.0562 4152  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:30:11.0625 4152  b57nd60x - ok
13:30:11.0656 4152  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:30:11.0687 4152  BDESVC - ok
13:30:11.0703 4152  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:30:11.0734 4152  Beep - ok
13:30:11.0765 4152  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
13:30:11.0796 4152  BFE - ok
13:30:11.0843 4152  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
13:30:11.0890 4152  BITS - ok
13:30:11.0906 4152  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:30:11.0921 4152  blbdrive - ok
13:30:11.0968 4152  [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:30:11.0984 4152  Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:30:11.0984 4152  Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:30:12.0015 4152  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:30:12.0031 4152  bowser - ok
13:30:12.0046 4152  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:30:12.0078 4152  BrFiltLo - ok
13:30:12.0093 4152  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:30:12.0109 4152  BrFiltUp - ok
13:30:12.0156 4152  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
13:30:12.0171 4152  Browser - ok
13:30:12.0203 4152  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:30:12.0234 4152  Brserid - ok
13:30:12.0250 4152  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:30:12.0265 4152  BrSerWdm - ok
13:30:12.0281 4152  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:30:12.0296 4152  BrUsbMdm - ok
13:30:12.0328 4152  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:30:12.0343 4152  BrUsbSer - ok
13:30:12.0359 4152  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:30:12.0390 4152  BTHMODEM - ok
13:30:12.0421 4152  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
13:30:12.0468 4152  bthserv - ok
13:30:12.0515 4152  [ AA7E8990BD4762F3E0C3D21AA1655468 ] cbfs3           C:\Windows\system32\drivers\cbfs3.sys
13:30:12.0546 4152  cbfs3 - ok
13:30:12.0578 4152  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:30:12.0609 4152  cdfs - ok
13:30:12.0656 4152  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:30:12.0671 4152  cdrom - ok
13:30:12.0718 4152  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:30:12.0750 4152  CertPropSvc - ok
13:30:12.0765 4152  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:30:12.0781 4152  circlass - ok
13:30:12.0812 4152  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
13:30:12.0828 4152  CLFS - ok
13:30:12.0875 4152  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:30:12.0890 4152  clr_optimization_v2.0.50727_32 - ok
13:30:12.0921 4152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:30:12.0953 4152  clr_optimization_v4.0.30319_32 - ok
13:30:12.0968 4152  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:30:12.0984 4152  CmBatt - ok
13:30:13.0109 4152  [ 2A2D72271844C52F004901A60312B96A ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:30:13.0171 4152  cmdAgent - ok
13:30:13.0203 4152  [ A1865742BBCF4C5F38FEE1258F8048FD ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
13:30:13.0250 4152  cmdGuard - ok
13:30:13.0265 4152  [ 221D000474F01B1606FFC3FF362D9333 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
13:30:13.0296 4152  cmdHlp - ok
13:30:13.0312 4152  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:30:13.0328 4152  cmdide - ok
13:30:13.0375 4152  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:30:13.0421 4152  CNG - ok
13:30:13.0484 4152  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:30:13.0500 4152  Compbatt - ok
13:30:13.0625 4152  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:30:13.0640 4152  CompositeBus - ok
13:30:13.0671 4152  COMSysApp - ok
13:30:13.0703 4152  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:30:13.0718 4152  crcdisk - ok
13:30:13.0781 4152  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:30:13.0812 4152  CryptSvc - ok
13:30:13.0843 4152  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
13:30:13.0859 4152  CSC - ok
13:30:13.0906 4152  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
13:30:13.0937 4152  CscService - ok
13:30:13.0953 4152  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:30:14.0000 4152  DcomLaunch - ok
13:30:14.0031 4152  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:30:14.0078 4152  defragsvc - ok
13:30:14.0125 4152  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:30:14.0156 4152  DfsC - ok
13:30:14.0203 4152  [ 7F19DBA1A467B838CCB23124A2C55568 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
13:30:14.0203 4152  DgiVecp ( UnsignedFile.Multi.Generic ) - warning
13:30:14.0203 4152  DgiVecp - detected UnsignedFile.Multi.Generic (1)
13:30:14.0265 4152  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:30:14.0281 4152  Dhcp - ok
13:30:14.0312 4152  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
13:30:14.0359 4152  discache - ok
13:30:14.0375 4152  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:30:14.0406 4152  Disk - ok
13:30:14.0437 4152  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:30:14.0468 4152  Dnscache - ok
13:30:14.0500 4152  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:30:14.0531 4152  dot3svc - ok
13:30:14.0546 4152  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
13:30:14.0593 4152  DPS - ok
13:30:14.0625 4152  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:30:14.0640 4152  drmkaud - ok
13:30:14.0687 4152  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:30:14.0718 4152  DXGKrnl - ok
13:30:14.0750 4152  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
13:30:14.0796 4152  EapHost - ok
13:30:14.0890 4152  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
13:30:14.0937 4152  ebdrv - ok
13:30:14.0968 4152  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
13:30:15.0000 4152  EFS - ok
13:30:15.0046 4152  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:30:15.0062 4152  ehRecvr - ok
13:30:15.0093 4152  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
13:30:15.0109 4152  ehSched - ok
13:30:15.0140 4152  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:30:15.0156 4152  elxstor - ok
13:30:15.0187 4152  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:30:15.0218 4152  ErrDev - ok
13:30:15.0265 4152  [ C4BC617B3608624CDB7CDD1606691066 ] EuDisk          C:\Windows\system32\DRIVERS\EuDisk.sys
13:30:15.0281 4152  EuDisk ( UnsignedFile.Multi.Generic ) - warning
13:30:15.0281 4152  EuDisk - detected UnsignedFile.Multi.Generic (1)
13:30:15.0312 4152  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
13:30:15.0359 4152  EventSystem - ok
13:30:15.0406 4152  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
13:30:15.0437 4152  exfat - ok
13:30:15.0468 4152  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:30:15.0500 4152  fastfat - ok
13:30:15.0546 4152  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
13:30:15.0578 4152  Fax - ok
13:30:15.0593 4152  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:30:15.0625 4152  fdc - ok
13:30:15.0640 4152  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
13:30:15.0671 4152  fdPHost - ok
13:30:15.0687 4152  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
13:30:15.0718 4152  FDResPub - ok
13:30:15.0750 4152  [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd6.sys
13:30:15.0781 4152  FETNDIS - ok
13:30:15.0781 4152  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:30:15.0812 4152  FileInfo - ok
13:30:15.0828 4152  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:30:15.0875 4152  Filetrace - ok
13:30:15.0937 4152  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:30:15.0953 4152  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:30:15.0953 4152  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:30:15.0968 4152  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:15.0984 4152  flpydisk - ok
13:30:16.0015 4152  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:30:16.0031 4152  FltMgr - ok
13:30:16.0093 4152  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
13:30:16.0125 4152  FontCache - ok
13:30:16.0187 4152  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:30:16.0203 4152  FontCache3.0.0.0 - ok
13:30:16.0218 4152  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:30:16.0234 4152  FsDepends - ok
13:30:16.0265 4152  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:30:16.0296 4152  Fs_Rec - ok
13:30:16.0328 4152  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:30:16.0359 4152  fvevol - ok
13:30:16.0375 4152  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:30:16.0406 4152  gagp30kx - ok
13:30:16.0453 4152  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:30:16.0484 4152  gpsvc - ok
13:30:16.0500 4152  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:30:16.0531 4152  hcw85cir - ok
13:30:16.0578 4152  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:30:16.0593 4152  HdAudAddService - ok
13:30:16.0625 4152  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:30:16.0640 4152  HDAudBus - ok
13:30:16.0656 4152  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:30:16.0687 4152  HidBatt - ok
13:30:16.0703 4152  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:30:16.0734 4152  HidBth - ok
13:30:16.0765 4152  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:30:16.0781 4152  HidIr - ok
13:30:16.0796 4152  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
13:30:16.0843 4152  hidserv - ok
13:30:16.0890 4152  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:30:16.0906 4152  HidUsb - ok
13:30:16.0937 4152  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:30:16.0968 4152  hkmsvc - ok
13:30:17.0000 4152  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:30:17.0015 4152  HomeGroupListener - ok
13:30:17.0062 4152  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:30:17.0078 4152  HomeGroupProvider - ok
13:30:17.0125 4152  [ 86A41BAB21B31F8A1B8F5FB93106B63F ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
13:30:17.0140 4152  hotcore3 - ok
13:30:17.0156 4152  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:30:17.0171 4152  HpSAMD - ok
13:30:17.0218 4152  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:30:17.0265 4152  HTTP - ok
13:30:17.0312 4152  [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:30:17.0328 4152  hwdatacard - ok
13:30:17.0359 4152  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:30:17.0375 4152  hwpolicy - ok
13:30:17.0406 4152  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:30:17.0421 4152  i8042prt - ok
13:30:17.0468 4152  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:30:17.0484 4152  iaStorV - ok
13:30:17.0546 4152  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:30:17.0578 4152  idsvc - ok
13:30:17.0609 4152  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:30:17.0625 4152  iirsp - ok
13:30:17.0656 4152  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:30:17.0703 4152  IKEEXT - ok
13:30:17.0734 4152  [ 3B6BE2DA5993B1E38613976FAF4AC83E ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
13:30:17.0750 4152  inspect - ok
13:30:17.0781 4152  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:30:17.0796 4152  intelide - ok
13:30:17.0828 4152  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:30:17.0843 4152  intelppm - ok
13:30:17.0875 4152  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:30:17.0906 4152  IPBusEnum - ok
13:30:17.0921 4152  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:17.0953 4152  IpFilterDriver - ok
13:30:17.0984 4152  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:30:18.0015 4152  iphlpsvc - ok
13:30:18.0062 4152  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:30:18.0078 4152  IPMIDRV - ok
13:30:18.0093 4152  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:30:18.0125 4152  IPNAT - ok
13:30:18.0156 4152  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:30:18.0171 4152  IRENUM - ok
13:30:18.0203 4152  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:30:18.0218 4152  isapnp - ok
13:30:18.0234 4152  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:30:18.0265 4152  iScsiPrt - ok
13:30:18.0281 4152  ISWKL - ok
13:30:18.0281 4152  IswSvc - ok
13:30:18.0343 4152  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
13:30:18.0359 4152  kbdclass - ok
13:30:18.0375 4152  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:30:18.0390 4152  kbdhid - ok
13:30:18.0406 4152  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
13:30:18.0437 4152  KeyIso - ok
13:30:18.0468 4152  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:30:18.0484 4152  KSecDD - ok
13:30:18.0515 4152  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:30:18.0531 4152  KSecPkg - ok
13:30:18.0562 4152  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:30:18.0593 4152  KtmRm - ok
13:30:18.0671 4152  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:30:18.0703 4152  LanmanServer - ok
13:30:18.0781 4152  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:30:18.0812 4152  LanmanWorkstation - ok
13:30:18.0828 4152  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:30:18.0859 4152  lltdio - ok
13:30:18.0875 4152  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:30:18.0921 4152  lltdsvc - ok
13:30:18.0921 4152  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:30:18.0953 4152  lmhosts - ok
13:30:18.0984 4152  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:30:19.0000 4152  LSI_FC - ok
13:30:19.0031 4152  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:30:19.0046 4152  LSI_SAS - ok
13:30:19.0062 4152  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:30:19.0093 4152  LSI_SAS2 - ok
13:30:19.0093 4152  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:30:19.0125 4152  LSI_SCSI - ok
13:30:19.0125 4152  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
13:30:19.0156 4152  luafv - ok
13:30:19.0203 4152  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:30:19.0218 4152  Mcx2Svc - ok
13:30:19.0218 4152  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:30:19.0234 4152  megasas - ok
13:30:19.0265 4152  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:30:19.0281 4152  MegaSR - ok
13:30:19.0343 4152  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:30:19.0359 4152  Microsoft Office Groove Audit Service - ok
13:30:19.0375 4152  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
13:30:19.0421 4152  MMCSS - ok
13:30:19.0437 4152  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
13:30:19.0468 4152  Modem - ok
13:30:19.0484 4152  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:30:19.0500 4152  monitor - ok
13:30:19.0531 4152  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
13:30:19.0546 4152  mouclass - ok
13:30:19.0593 4152  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:30:19.0609 4152  mouhid - ok
13:30:19.0640 4152  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:30:19.0671 4152  mountmgr - ok
13:30:19.0718 4152  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:30:19.0750 4152  MozillaMaintenance - ok
13:30:19.0765 4152  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:30:19.0781 4152  mpio - ok
13:30:19.0812 4152  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:30:19.0843 4152  mpsdrv - ok
13:30:19.0890 4152  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:30:19.0921 4152  MpsSvc - ok
13:30:19.0953 4152  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:30:19.0984 4152  MRxDAV - ok
13:30:20.0015 4152  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:30:20.0046 4152  mrxsmb - ok
13:30:20.0078 4152  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:30:20.0109 4152  mrxsmb10 - ok
13:30:20.0125 4152  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:30:20.0140 4152  mrxsmb20 - ok
13:30:20.0156 4152  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
13:30:20.0171 4152  msahci - ok
13:30:20.0171 4152  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:30:20.0203 4152  msdsm - ok
13:30:20.0218 4152  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
13:30:20.0234 4152  MSDTC - ok
13:30:20.0265 4152  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:30:20.0296 4152  Msfs - ok
13:30:20.0312 4152  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:30:20.0343 4152  mshidkmdf - ok
13:30:20.0390 4152  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:30:20.0406 4152  msisadrv - ok
13:30:20.0437 4152  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:30:20.0468 4152  MSiSCSI - ok
13:30:20.0484 4152  msiserver - ok
13:30:20.0500 4152  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:30:20.0546 4152  MSKSSRV - ok
13:30:20.0562 4152  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:30:20.0593 4152  MSPCLOCK - ok
13:30:20.0609 4152  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:30:20.0640 4152  MSPQM - ok
13:30:20.0656 4152  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:30:20.0671 4152  MsRPC - ok
13:30:20.0703 4152  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:30:20.0734 4152  mssmbios - ok
13:30:20.0750 4152  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:30:20.0781 4152  MSTEE - ok
13:30:20.0796 4152  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:30:20.0812 4152  MTConfig - ok
13:30:20.0843 4152  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:30:20.0859 4152  Mup - ok
13:30:20.0906 4152  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
13:30:20.0937 4152  napagent - ok
13:30:20.0968 4152  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:30:21.0000 4152  NativeWifiP - ok
13:30:21.0046 4152  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:30:21.0078 4152  NDIS - ok
13:30:21.0109 4152  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:30:21.0140 4152  NdisCap - ok
13:30:21.0171 4152  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:30:21.0203 4152  NdisTapi - ok
13:30:21.0234 4152  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:30:21.0265 4152  Ndisuio - ok
13:30:21.0296 4152  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:30:21.0328 4152  NdisWan - ok
13:30:21.0343 4152  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:30:21.0390 4152  NDProxy - ok
13:30:21.0406 4152  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:30:21.0437 4152  NetBIOS - ok
13:30:21.0468 4152  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:30:21.0500 4152  NetBT - ok
13:30:21.0500 4152  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
13:30:21.0515 4152  Netlogon - ok
13:30:21.0562 4152  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
13:30:21.0609 4152  Netman - ok
13:30:21.0640 4152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:30:21.0656 4152  NetMsmqActivator - ok
13:30:21.0671 4152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:30:21.0687 4152  NetPipeActivator - ok
13:30:21.0687 4152  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
13:30:21.0734 4152  netprofm - ok
13:30:21.0734 4152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:30:21.0750 4152  NetTcpActivator - ok
13:30:21.0765 4152  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:30:21.0781 4152  NetTcpPortSharing - ok
13:30:21.0796 4152  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:30:21.0828 4152  nfrd960 - ok
13:30:21.0859 4152  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:30:21.0890 4152  NlaSvc - ok
13:30:21.0890 4152  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:30:21.0921 4152  Npfs - ok
13:30:21.0953 4152  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
13:30:21.0984 4152  nsi - ok
13:30:22.0000 4152  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:30:22.0031 4152  nsiproxy - ok
13:30:22.0093 4152  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:30:22.0140 4152  Ntfs - ok
13:30:22.0156 4152  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
13:30:22.0187 4152  Null - ok
13:30:22.0437 4152  [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:30:22.0718 4152  nvlddmkm - ok
13:30:22.0750 4152  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] Nvleien         C:\Windows\system32\drivers\BrFiltLo.sys
13:30:22.0765 4152  Nvleien - ok
13:30:22.0812 4152  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:30:22.0828 4152  nvraid - ok
13:30:22.0843 4152  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:30:22.0875 4152  nvstor - ok
13:30:22.0921 4152  [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:30:22.0953 4152  nvsvc - ok
13:30:23.0031 4152  [ F935E817409F78FA50C5921DB39124B3 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:30:23.0078 4152  nvUpdatusService - ok
13:30:23.0093 4152  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:30:23.0125 4152  nv_agp - ok
13:30:23.0203 4152  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:30:23.0234 4152  odserv - ok
13:30:23.0265 4152  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:30:23.0281 4152  ohci1394 - ok
13:30:23.0312 4152  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:30:23.0328 4152  ose - ok
13:30:23.0375 4152  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:30:23.0406 4152  p2pimsvc - ok
13:30:23.0421 4152  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:30:23.0437 4152  p2psvc - ok
13:30:23.0484 4152  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:30:23.0500 4152  Parport - ok
13:30:23.0531 4152  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:30:23.0546 4152  partmgr - ok
13:30:23.0562 4152  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:30:23.0578 4152  Parvdm - ok
13:30:23.0593 4152  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:30:23.0625 4152  PcaSvc - ok
13:30:23.0656 4152  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
13:30:23.0671 4152  pci - ok
13:30:23.0703 4152  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
13:30:23.0718 4152  pciide - ok
13:30:23.0734 4152  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:30:23.0765 4152  pcmcia - ok
13:30:23.0781 4152  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
13:30:23.0812 4152  pcw - ok
13:30:24.0015 4152  [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
13:30:24.0031 4152  PDFProFiltSrvPP - ok
13:30:24.0078 4152  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:30:24.0125 4152  PEAUTH - ok
13:30:24.0171 4152  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:30:24.0203 4152  PeerDistSvc - ok
13:30:24.0281 4152  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
13:30:24.0328 4152  pla - ok
13:30:24.0375 4152  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:30:24.0390 4152  PlugPlay - ok
13:30:24.0421 4152  [ 13FBE33E8AB8284C6A3C6CE86FA59EA0 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:30:24.0421 4152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:30:24.0421 4152  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:30:24.0453 4152  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:30:24.0468 4152  PNRPAutoReg - ok
13:30:24.0484 4152  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:30:24.0515 4152  PNRPsvc - ok
13:30:24.0531 4152  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:30:24.0562 4152  PolicyAgent - ok
13:30:24.0578 4152  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
13:30:24.0625 4152  Power - ok
13:30:24.0656 4152  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:30:24.0687 4152  PptpMiniport - ok
13:30:24.0703 4152  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:30:24.0718 4152  Processor - ok
13:30:24.0750 4152  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
13:30:24.0781 4152  ProfSvc - ok
13:30:24.0796 4152  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:30:24.0812 4152  ProtectedStorage - ok
13:30:24.0828 4152  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:30:24.0859 4152  Psched - ok
13:30:24.0906 4152  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
13:30:24.0921 4152  PSI - ok
13:30:24.0968 4152  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
13:30:24.0984 4152  PxHelp20 - ok
13:30:25.0031 4152  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:30:25.0062 4152  ql2300 - ok
13:30:25.0093 4152  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:30:25.0109 4152  ql40xx - ok
13:30:25.0140 4152  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
13:30:25.0156 4152  QWAVE - ok
13:30:25.0171 4152  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:30:25.0187 4152  QWAVEdrv - ok
13:30:25.0203 4152  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:30:25.0234 4152  RasAcd - ok
13:30:25.0296 4152  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:30:25.0328 4152  RasAgileVpn - ok
13:30:25.0343 4152  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
13:30:25.0390 4152  RasAuto - ok
13:30:25.0406 4152  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:30:25.0437 4152  Rasl2tp - ok
13:30:25.0468 4152  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
13:30:25.0515 4152  RasMan - ok
13:30:25.0531 4152  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:30:25.0562 4152  RasPppoe - ok
13:30:25.0578 4152  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:30:25.0609 4152  RasSstp - ok
13:30:25.0656 4152  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:30:25.0687 4152  rdbss - ok
13:30:25.0718 4152  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:30:25.0734 4152  rdpbus - ok
13:30:25.0765 4152  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:30:25.0796 4152  RDPCDD - ok
13:30:25.0828 4152  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:30:25.0843 4152  RDPDR - ok
13:30:25.0859 4152  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:30:25.0890 4152  RDPENCDD - ok
13:30:25.0906 4152  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:30:25.0937 4152  RDPREFMP - ok
13:30:25.0968 4152  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:30:25.0984 4152  RDPWD - ok
13:30:26.0015 4152  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:30:26.0046 4152  rdyboost - ok
13:30:26.0078 4152  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:30:26.0109 4152  RemoteAccess - ok
13:30:26.0140 4152  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:30:26.0171 4152  RemoteRegistry - ok
13:30:26.0187 4152  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:30:26.0218 4152  RpcEptMapper - ok
13:30:26.0234 4152  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
13:30:26.0265 4152  RpcLocator - ok
13:30:26.0281 4152  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
13:30:26.0312 4152  RpcSs - ok
13:30:26.0343 4152  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:30:26.0375 4152  rspndr - ok
13:30:26.0406 4152  [ 4E20765744BFBC16F6D6E5BD5598786B ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
13:30:26.0437 4152  RTL8023xp - ok
13:30:26.0468 4152  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:30:26.0484 4152  s3cap - ok
13:30:26.0500 4152  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
13:30:26.0531 4152  SamSs - ok
13:30:26.0546 4152  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:30:26.0578 4152  sbp2port - ok
13:30:26.0656 4152  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:30:26.0703 4152  SBSDWSCService - ok
13:30:26.0718 4152  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:30:26.0765 4152  SCardSvr - ok
13:30:26.0796 4152  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:30:26.0828 4152  scfilter - ok
13:30:26.0875 4152  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
13:30:26.0906 4152  Schedule - ok
13:30:26.0953 4152  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:30:26.0984 4152  SCPolicySvc - ok
13:30:27.0000 4152  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:30:27.0015 4152  SDRSVC - ok
13:30:27.0046 4152  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:30:27.0078 4152  secdrv - ok
13:30:27.0093 4152  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
13:30:27.0140 4152  seclogon - ok
13:30:27.0187 4152  [ FC4842CECAF2A938BE13A6C534034088 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:30:27.0234 4152  Secunia PSI Agent - ok
13:30:27.0265 4152  [ 401C960E9C95D35CFFB17CA57C4406FB ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
13:30:27.0296 4152  Secunia Update Agent - ok
13:30:27.0312 4152  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
13:30:27.0343 4152  SENS - ok
13:30:27.0390 4152  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:30:27.0406 4152  SensrSvc - ok
13:30:27.0421 4152  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:30:27.0453 4152  Serenum - ok
13:30:27.0453 4152  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:30:27.0484 4152  Serial - ok
13:30:27.0500 4152  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:30:27.0531 4152  sermouse - ok
13:30:27.0578 4152  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:30:27.0609 4152  SessionEnv - ok
13:30:27.0640 4152  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:30:27.0656 4152  sffdisk - ok
13:30:27.0656 4152  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:30:27.0687 4152  sffp_mmc - ok
13:30:27.0703 4152  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:30:27.0718 4152  sffp_sd - ok
13:30:27.0734 4152  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:30:27.0765 4152  sfloppy - ok
13:30:27.0796 4152  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:30:27.0828 4152  SharedAccess - ok
13:30:27.0859 4152  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:30:27.0890 4152  ShellHWDetection - ok
13:30:27.0921 4152  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:30:27.0937 4152  sisagp - ok
13:30:27.0968 4152  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:30:27.0984 4152  SiSRaid2 - ok
13:30:27.0984 4152  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:30:28.0015 4152  SiSRaid4 - ok
13:30:28.0078 4152  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:30:28.0093 4152  SkypeUpdate - ok
13:30:28.0125 4152  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:30:28.0156 4152  Smb - ok
13:30:28.0187 4152  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:30:28.0218 4152  SNMPTRAP - ok
13:30:28.0234 4152  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:30:28.0250 4152  spldr - ok
13:30:28.0296 4152  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
13:30:28.0312 4152  Spooler - ok
13:30:28.0406 4152  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
13:30:28.0515 4152  sppsvc - ok
13:30:28.0546 4152  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:30:28.0578 4152  sppuinotify - ok
13:30:28.0625 4152  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:30:28.0656 4152  srv - ok
13:30:28.0671 4152  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:30:28.0703 4152  srv2 - ok
13:30:28.0718 4152  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:30:28.0734 4152  srvnet - ok
13:30:28.0781 4152  [ FBA532D4E00ACADB3FB0B6673E185B45 ] SSCBFS3         C:\Windows\system32\DRIVERS\sscbfs3.sys
13:30:28.0796 4152  SSCBFS3 - ok
13:30:28.0828 4152  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:30:28.0875 4152  SSDPSRV - ok
13:30:28.0906 4152  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:30:28.0921 4152  ssmdrv - ok
13:30:28.0984 4152  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
13:30:29.0000 4152  SSPORT ( UnsignedFile.Multi.Generic ) - warning
13:30:29.0000 4152  SSPORT - detected UnsignedFile.Multi.Generic (1)
13:30:29.0015 4152  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:30:29.0046 4152  SstpSvc - ok
13:30:29.0078 4152  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:30:29.0093 4152  stexstor - ok
13:30:29.0140 4152  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:30:29.0156 4152  StillCam - ok
13:30:29.0203 4152  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:30:29.0234 4152  StiSvc - ok
13:30:29.0265 4152  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:30:29.0296 4152  storflt - ok
13:30:29.0312 4152  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
13:30:29.0343 4152  StorSvc - ok
13:30:29.0390 4152  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:30:29.0406 4152  storvsc - ok
13:30:29.0437 4152  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:30:29.0453 4152  swenum - ok
13:30:29.0484 4152  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
13:30:29.0515 4152  swprv - ok
13:30:29.0578 4152  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
13:30:29.0625 4152  SysMain - ok
13:30:29.0640 4152  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:30:29.0671 4152  TabletInputService - ok
13:30:29.0703 4152  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:30:29.0750 4152  TapiSrv - ok
13:30:29.0781 4152  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
13:30:29.0812 4152  TBS - ok
13:30:29.0875 4152  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:30:29.0921 4152  Tcpip - ok
13:30:29.0953 4152  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:30:29.0984 4152  TCPIP6 - ok
13:30:30.0015 4152  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:30:30.0046 4152  tcpipreg - ok
13:30:30.0078 4152  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:30:30.0093 4152  TDPIPE - ok
13:30:30.0109 4152  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:30:30.0125 4152  TDTCP - ok
13:30:30.0171 4152  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:30:30.0203 4152  tdx - ok
13:30:30.0375 4152  [ 879F46329B7DC4D109345AA96F1AB47F ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
13:30:30.0484 4152  TeamViewer8 - ok
13:30:30.0531 4152  [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
13:30:30.0546 4152  teamviewervpn - ok
13:30:30.0578 4152  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:30:30.0609 4152  TermDD - ok
13:30:30.0640 4152  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
13:30:30.0671 4152  TermService - ok
13:30:30.0687 4152  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
13:30:30.0718 4152  Themes - ok
13:30:30.0718 4152  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:30:30.0750 4152  THREADORDER - ok
13:30:30.0765 4152  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
13:30:30.0796 4152  TrkWks - ok
13:30:30.0828 4152  [ ACEB4F4F83B895E15C8C1A2F55009783 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
13:30:30.0843 4152  truecrypt - ok
13:30:30.0906 4152  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:30:30.0953 4152  TrustedInstaller - ok
13:30:30.0984 4152  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:30:31.0015 4152  tssecsrv - ok
13:30:31.0046 4152  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:30:31.0062 4152  TsUsbFlt - ok
13:30:31.0109 4152  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:30:31.0140 4152  tunnel - ok
13:30:31.0156 4152  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:30:31.0187 4152  uagp35 - ok
13:30:31.0203 4152  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:30:31.0234 4152  udfs - ok
13:30:31.0265 4152  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:30:31.0281 4152  UI0Detect - ok
13:30:31.0328 4152  [ 0A1822D12CF103633893CAF9CAE4E69D ] UimBus          C:\Windows\system32\DRIVERS\UimBus.sys
13:30:31.0343 4152  UimBus - ok
13:30:31.0406 4152  [ 42F7398A76D279E0F63FC600920AB90C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IM.sys
13:30:31.0421 4152  Uim_IM - ok
13:30:31.0468 4152  [ 48AD04132FCAC71E0EEC3DE5FB22D66E ] Uim_Vim         C:\Windows\system32\Drivers\Uim_Vim.sys
13:30:31.0484 4152  Uim_Vim - ok
13:30:31.0515 4152  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:30:31.0531 4152  uliagpkx - ok
13:30:31.0578 4152  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
13:30:31.0609 4152  umbus - ok
13:30:31.0625 4152  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:30:31.0640 4152  UmPass - ok
13:30:31.0687 4152  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:30:31.0703 4152  UmRdpService - ok
13:30:31.0734 4152  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
13:30:31.0765 4152  upnphost - ok
13:30:31.0812 4152  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:30:31.0828 4152  usbccgp - ok
13:30:31.0843 4152  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:30:31.0875 4152  usbcir - ok
13:30:31.0906 4152  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:30:31.0921 4152  usbehci - ok
13:30:31.0953 4152  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:30:31.0968 4152  usbhub - ok
13:30:32.0000 4152  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:30:32.0015 4152  usbohci - ok
13:30:32.0031 4152  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:30:32.0046 4152  usbprint - ok
13:30:32.0093 4152  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:30:32.0109 4152  usbscan - ok
13:30:32.0140 4152  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:30:32.0156 4152  USBSTOR - ok
13:30:32.0187 4152  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:30:32.0203 4152  usbuhci - ok
13:30:32.0234 4152  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
13:30:32.0265 4152  UxSms - ok
13:30:32.0281 4152  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
13:30:32.0296 4152  VaultSvc - ok
13:30:32.0343 4152  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:30:32.0359 4152  vdrvroot - ok
13:30:32.0406 4152  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
13:30:32.0453 4152  vds - ok
13:30:32.0468 4152  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:30:32.0484 4152  vga - ok
13:30:32.0515 4152  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:30:32.0546 4152  VgaSave - ok
13:30:32.0562 4152  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:30:32.0578 4152  vhdmp - ok
13:30:32.0593 4152  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:30:32.0609 4152  viaagp - ok
13:30:32.0625 4152  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
13:30:32.0640 4152  ViaC7 - ok
13:30:32.0671 4152  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
13:30:32.0687 4152  viaide - ok
13:30:32.0734 4152  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:30:32.0750 4152  vmbus - ok
13:30:32.0781 4152  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:30:32.0796 4152  VMBusHID - ok
13:30:32.0828 4152  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:30:32.0843 4152  volmgr - ok
13:30:32.0859 4152  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:30:32.0890 4152  volmgrx - ok
13:30:32.0906 4152  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:30:32.0921 4152  volsnap - ok
13:30:32.0953 4152  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:30:32.0968 4152  vsmraid - ok
13:30:33.0015 4152  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
13:30:33.0062 4152  VSS - ok
13:30:33.0078 4152  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:30:33.0109 4152  vwifibus - ok
13:30:33.0125 4152  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:30:33.0140 4152  vwififlt - ok
13:30:33.0156 4152  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:30:33.0171 4152  vwifimp - ok
13:30:33.0203 4152  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
13:30:33.0250 4152  W32Time - ok
13:30:33.0296 4152  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:30:33.0312 4152  WacomPen - ok
13:30:33.0359 4152  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:30:33.0390 4152  WANARP - ok
13:30:33.0406 4152  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:30:33.0421 4152  Wanarpv6 - ok
13:30:33.0500 4152  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:30:33.0531 4152  WatAdminSvc - ok
13:30:33.0578 4152  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
13:30:33.0609 4152  wbengine - ok
13:30:33.0625 4152  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:30:33.0656 4152  WbioSrvc - ok
13:30:33.0687 4152  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:30:33.0718 4152  wcncsvc - ok
13:30:33.0734 4152  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:30:33.0750 4152  WcsPlugInService - ok
13:30:33.0765 4152  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:30:33.0781 4152  Wd - ok
13:30:33.0828 4152  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:30:33.0859 4152  Wdf01000 - ok
13:30:33.0875 4152  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:30:33.0890 4152  WdiServiceHost - ok
13:30:33.0890 4152  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:30:33.0921 4152  WdiSystemHost - ok
13:30:33.0953 4152  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
13:30:33.0984 4152  WebClient - ok
13:30:34.0000 4152  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:30:34.0046 4152  Wecsvc - ok
13:30:34.0093 4152  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:30:34.0125 4152  wercplsupport - ok
13:30:34.0218 4152  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:30:34.0265 4152  WerSvc - ok
13:30:34.0281 4152  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:30:34.0312 4152  WfpLwf - ok
13:30:34.0328 4152  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:30:34.0343 4152  WIMMount - ok
13:30:34.0406 4152  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:30:34.0421 4152  WinDefend - ok
13:30:34.0437 4152  WinHttpAutoProxySvc - ok
13:30:34.0484 4152  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:30:34.0515 4152  Winmgmt - ok
13:30:34.0578 4152  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
13:30:34.0625 4152  WinRM - ok
13:30:34.0671 4152  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:30:34.0703 4152  WinUsb - ok
13:30:34.0734 4152  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:30:34.0781 4152  Wlansvc - ok
13:30:34.0796 4152  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:30:34.0828 4152  WmiAcpi - ok
13:30:34.0843 4152  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:30:34.0859 4152  wmiApSrv - ok
13:30:34.0906 4152  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:30:34.0953 4152  WMPNetworkSvc - ok
13:30:34.0968 4152  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:30:34.0984 4152  WPCSvc - ok
13:30:35.0015 4152  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:30:35.0046 4152  WPDBusEnum - ok
13:30:35.0062 4152  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:30:35.0093 4152  ws2ifsl - ok
13:30:35.0109 4152  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:30:35.0125 4152  wscsvc - ok
13:30:35.0171 4152  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:30:35.0187 4152  WSDPrintDevice - ok
13:30:35.0203 4152  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
13:30:35.0234 4152  WSDScan - ok
13:30:35.0234 4152  WSearch - ok
13:30:35.0312 4152  [ A583F4BF607EBC5709578433207A76A8 ] WTGService      C:\Program Files\Verbindungsassistent\WTGService.exe
13:30:35.0343 4152  WTGService - ok
13:30:35.0406 4152  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:30:35.0453 4152  wuauserv - ok
13:30:35.0484 4152  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:30:35.0500 4152  WudfPf - ok
13:30:35.0531 4152  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:30:35.0546 4152  WUDFRd - ok
13:30:35.0562 4152  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:30:35.0593 4152  wudfsvc - ok
13:30:35.0609 4152  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:30:35.0640 4152  WwanSvc - ok
13:30:35.0671 4152  ================ Scan global ===============================
13:30:35.0703 4152  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:30:35.0734 4152  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:30:35.0750 4152  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:30:35.0765 4152  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:30:35.0781 4152  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:30:35.0796 4152  [Global] - ok
13:30:35.0796 4152  ================ Scan MBR ==================================
13:30:35.0812 4152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:30:36.0015 4152  \Device\Harddisk0\DR0 - ok
13:30:36.0015 4152  ================ Scan VBR ==================================
13:30:36.0015 4152  [ 49F5217BEC076F42A80FCE5DEB793FB8 ] \Device\Harddisk0\DR0\Partition1
13:30:36.0015 4152  \Device\Harddisk0\DR0\Partition1 - ok
13:30:36.0031 4152  [ 6E10F4652C3886794FEE715010078493 ] \Device\Harddisk0\DR0\Partition2
13:30:36.0031 4152  \Device\Harddisk0\DR0\Partition2 - ok
13:30:36.0062 4152  [ 45869AA57033723132CC4CC3EBCF023F ] \Device\Harddisk0\DR0\Partition3
13:30:36.0062 4152  \Device\Harddisk0\DR0\Partition3 - ok
13:30:36.0078 4152  [ BF0051B35ED056177B1D701FE534DBC7 ] \Device\Harddisk0\DR0\Partition4
13:30:36.0078 4152  \Device\Harddisk0\DR0\Partition4 - ok
13:30:36.0078 4152  ============================================================
13:30:36.0078 4152  Scan finished
13:30:36.0078 4152  ============================================================
13:30:36.0078 3616  Detected object count: 7
13:30:36.0078 3616  Actual detected object count: 7
13:31:07.0968 3616  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0968 3616  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0968 3616  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0968 3616  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0968 3616  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0968 3616  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0984 3616  EuDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0984 3616  EuDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0984 3616  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0984 3616  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0984 3616  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0984 3616  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:31:07.0984 3616  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
13:31:07.0984 3616  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         



Unfortunately I had to split the GMER result because of its size.

Best regards
tycore

edit: I just noticed that I forgot defogger for the GMER run, because I had to restart the PC for the second attempt. Should I do that again?

18.06.2013, 15:32   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, the Addition.txt as well in your thread (click the # symbol in the website's input box)

18.06.2013, 17:15   #3
TyCore
 



So, here are the logs


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-06-2013
Ran by Schirmayer at 2013-06-18 18:01:23 Run:
Running from C:\Users\Schirmayer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.7.0.1530)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Download Assistant (Version: 1.2.5)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Ashampoo Burning Studio 6 FREE (Version: 6.7.7)
Avery Wizard 4.0 (Version: 4.0.103)
Avira Free Antivirus (Version: 13.0.0.3640)
CCleaner (Version: 3.02)
CDBurnerXP (Version: 4.5.1.3868)
COMODO Internet Security (Version: 5.10.31649.2253)
Copernic Desktop Search - Home
DHTML Editing Component (Version: 6.02.0001)
Easy DVD Clone
EasyBits GO
ElsterFormular (Version: 11.5.0.4546)
ElsterFormular (Version: 14.1.11318)
GetDataBack for NTFS (Version: 4.00.000)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
KeePass Password Safe 2.19
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Camera Codec Pack (Version: 16.0.0652.0621)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Grafiktreiber 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Systemsteuerung 307.83 (Version: 307.83)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PaperPort Image Printer (Version: 1.00.0001)
Paragon Backup & Recovery™ 10.2 Free Edition (Version: 90.00.0003)
Paragon Backup & Recovery™ 2012 Free (Version: 90.00.0003)
PC Inspector File Recovery (Version: 4.0)
PDF Settings (Version: 1.0)
PDF24 Creator 5.4.0
PhotoScape
PVSonyDll (Version: 1.00.0001)
Readiris Pro 10
Recuva (Version: 1.42)
Samsung AnyWeb Print (Version: 2.0.75.0)
Samsung Scan Assistant (Version: 1.04.20.00)
Scansoft PDF Professional
Secunia PSI (2.0.0.4002)
Skype Click to Call (Version: 5.11.9874)
Skype™ 6.3 (Version: 6.3.105)
SmarThru 4
Spybot - Search & Destroy (Version: 1.6.2)
SugarSync (Version: 2.0.18.112077)
TeamViewer 8 (Version: 8.0.18930)
TrueCrypt (Version: 6.3a)
Turbo Lister 2 (Version: 2.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime (Version: 1.0.0)
Verbindungsassistent (Version: 3.1)
Versandhelfer (Version: 1.3)
Wartung Samsung CLX-3180 Series
WinRAR
XnView 1.99 (Version: 1.99)
ZoneAlarm Toolbar

==================== Restore Points  =========================

17-06-2013 08:02:46 Geplanter Prüfpunkt

==================== Hosts content: ==========================


127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com

There are 1000 more lines starting with "127.0.0.1"


==================== Scheduled Tasks (whitelisted) =============

Task: {2C6B0577-9095-4099-993D-6AC0D98C5F06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {3404312E-2D4F-4525-857B-9EF9CB661BC5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation)
Task: {66C4FE82-27D6-47FF-957A-A05E681E3337} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-09] (Microsoft Corporation)
Task: {75E6A466-C685-4D5B-83E9-3E4DB821AD76} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {786CC1BE-6D73-492B-A5C9-08AB92D517AD} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader => C:\Windows\system32\WSqmCons.exe [2010-11-20] (Microsoft Corporation)
Task: {8CD20CD0-9225-4248-AE7F-DADDB33D9E1D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)
Task: {C4DE9BAF-305E-42D0-94D6-662D26F826DE} - System32\Tasks\Paragon Archive name arc_070412140058195 => C:\Program Files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-04-26] (Paragon Software Group)
Task: {CD19AAD7-8FA3-45AC-AA87-4C8BEDE90488} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {D406EAA3-723E-43BA-AC7A-07B450EF0F4D} - System32\Tasks\{3D285892-4195-44F4-8412-7428207605A4} => C:\Program Files\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] ()

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZoneAlarm Toolbar ISWKL
Description: ZoneAlarm Toolbar ISWKL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ISWKL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2013 04:37:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/18/2013 03:50:57 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/18/2013 01:00:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (06/18/2013 09:04:03 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/18/2013 07:52:52 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/17/2013 00:47:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 2.0.0.4002, Zeitstempel: 0x4e327b7b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x7d0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (06/17/2013 09:58:46 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/17/2013 07:56:19 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/14/2013 05:18:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/13/2013 10:14:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (06/18/2013 02:44:38 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{23aaf11f-4b45-11df-9451-806e6f6e6963}" können nicht gelesen werden.

Error: (06/18/2013 02:44:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%3

Error: (06/18/2013 02:44:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/18/2013 02:44:25 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/18/2013 07:35:41 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{23aaf11f-4b45-11df-9451-806e6f6e6963}" können nicht gelesen werden.

Error: (06/18/2013 07:35:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%3

Error: (06/18/2013 07:35:40 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (06/18/2013 07:34:48 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (06/17/2013 00:47:18 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2013 10:00:14 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (04/24/2013 06:28:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16873 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (02/28/2013 04:14:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/28/2013 08:33:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/07/2013 08:44:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 218 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/30/2012 09:03:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27057 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (09/13/2012 03:18:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41174 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (08/27/2012 07:18:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16694 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/19/2012 08:48:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2306 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (03/16/2012 00:11:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/31/2012 10:20:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5527 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-03-19 09:18:49.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-19 09:05:50.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-19 08:51:16.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-19 08:15:59.592
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-19 07:57:20.390
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 13:57:53.048
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 11:16:06.237
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 11:05:03.305
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 10:57:40.225
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-16 10:46:00.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 61%
Total physical RAM: 2047.3 MB
Available physical RAM: 785.44 MB
Total Pagefile: 5347.3 MB
Available Pagefile: 3640.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.22 MB

==================== Drives ================================

Drive b: (Business) (Fixed) (Total:48.83 GB) (Free:27.62 GB) NTFS
Drive c: (Windows) (Fixed) (Total:58.49 GB) (Free:13.42 GB) NTFS
Drive d: (Business) (Fixed) (Total:48.83 GB) (Free:27.62 GB) NTFS
Drive e: (Daten) (Fixed) (Total:122.07 GB) (Free:50.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 0C550C54)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=125 GB) - (Type=OF Extended)

==================== End Of Log ============================
         



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013
Ran by Schirmayer (administrator) on 18-06-2013 18:00:38
Running from C:\Users\Schirmayer\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Copernic Inc.) C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1990144 2011-04-29] ()
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload [1895424 2012-05-01] (Dominik Reichl)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0AMQAyADEAOAA1ADMANgAxADUAMAAtAEIAQQBSADkATwArADEALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\klogon: 
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray [1692200 2013-01-28] (Copernic Inc.)
MountPoints2: G - G:\.\Autorun.exe AUTORUN=1
MountPoints2: H - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {0c0858de-7233-11e1-b69f-00138ffcd25f} - G:\LaunchU3.exe -a
MountPoints2: {4aa759a5-95bb-11e2-9f6c-00138ffcd25f} - H:\.\Autorun.exe AUTORUN=1
MountPoints2: {4aa759b6-95bb-11e2-9f6c-00138ffcd25f} - H:\.\Autorun.exe AUTORUN=1
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
ShortcutTarget: Versandhelfer.lnk -> C:\Program Files\Versandhelfer\Versandhelfer.exe ()
Startup: C:\Users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\virtuelle-laufwerke-mounten.bat ()
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKCU - {5B002001-09FF-4333-A944-63444AE00D7C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default
FF Homepage: hxxp://www.google.com/calendar/render
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: tineye - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: yesscript - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\yesscript@userstyles.org.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-09-27] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [330696 2010-11-18] ()
S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-26] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
S3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [123784 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-04-26] (Paragon Software Group)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
S4 Nvleien; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295488 2012-10-30] (EldoS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]
U3 pgldrpow; \??\C:\Users\SCHIRM~1\AppData\Local\Temp\pgldrpow.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 17:59 - 2013-06-18 17:59 - 01365717 ____A (Farbar) C:\Users\Schirmayer\Desktop\FRST.exe
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:51 - 2013-06-18 14:43 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-14 12:24 - 2013-06-14 12:48 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ****
2013-06-11 10:23 - 2013-06-18 12:39 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-03 16:59 - 2013-06-03 16:59 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 16:59 - 2013-06-03 16:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 16:58 - 2013-06-03 17:03 - 00009518 ____A C:\Windows\IE10_main.log
2013-05-29 11:15 - 2013-06-17 16:23 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk

==================== One Month Modified Files and Folders ========

2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 17:59 - 2013-06-18 17:59 - 01365717 ____A (Farbar) C:\Users\Schirmayer\Desktop\FRST.exe
2013-06-18 17:18 - 2012-04-10 16:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 14:52 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 14:52 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 14:44 - 2013-01-04 15:26 - 00008726 ____A C:\Windows\setupact.log
2013-06-18 14:44 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 14:43 - 2013-06-18 13:51 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:47 - 2012-06-01 07:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:45 - 2010-04-19 02:04 - 00000000 ____D C:\users\Schirmayer
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-18 12:39 - 2013-06-11 10:23 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-18 12:30 - 2012-05-31 09:17 - 00000324 ____A C:\Windows\hpbafd.ini
2013-06-18 08:10 - 2010-04-19 02:06 - 01622012 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 07:36 - 2012-03-08 08:31 - 01620992 __ASH C:\Users\Schirmayer\Desktop\Thumbs.db
2013-06-17 16:23 - 2013-05-29 11:15 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-06-17 14:57 - 2010-05-23 23:20 - 00000000 ____D C:\ProgramData\Adobe
2013-06-17 14:57 - 2010-04-19 02:20 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Adobe
2013-06-17 07:32 - 2011-01-27 08:36 - 00272172 ____A C:\Windows\PFRO.log
2013-06-14 19:59 - 2010-04-19 01:54 - 01383111 ____A C:\Windows\WindowsUpdate.log
2013-06-14 12:48 - 2013-06-14 12:24 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ****
2013-06-13 08:57 - 2013-03-04 13:47 - 00005314 ____A C:\Windows\System32\TeamViewer8_Hooks.log
2013-06-13 08:56 - 2013-01-03 17:58 - 00001055 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-12 11:18 - 2012-04-10 16:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 11:18 - 2011-05-31 17:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-06 05:17 - 2012-04-07 16:03 - 00000934 ____A C:\Windows\Tasks\Paragon Archive name arc_070412140058195.job
2013-06-05 18:12 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-05 15:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-03 17:03 - 2013-06-03 16:58 - 00009518 ____A C:\Windows\IE10_main.log
2013-06-03 16:59 - 2013-06-03 16:59 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 16:59 - 2013-06-03 16:59 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 12:29 - 2012-06-21 09:55 - 00000000 ____D C:\Users\Schirmayer\AppData\Local\SugarSync
2013-05-29 15:54 - 2013-03-26 16:08 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Verbindungsassistent
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-05-28 08:18 - 2012-09-25 14:34 - 00000000 ____D C:\Program Files\PDF24
2013-05-27 12:03 - 2012-05-02 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 09:07 - 2010-08-25 13:02 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\KeePass
2013-05-21 07:37 - 2013-05-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 09:20

==================== End Of Log ============================
         

Alt 18.06.2013, 18:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 19.06.2013, 09:23   #5
TyCore
 



So here is the Combofix result, curious to see whether you find anything:


Code:
ATTFilter
ComboFix 13-06-18.02 - Schirmayer 19.06.2013   9:46.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1016 [GMT 2:00]
ausgeführt von:: c:\users\Schirmayer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Versandhelfer\Versandhelfer.exe
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-19 bis 2013-06-19  ))))))))))))))))))))))))))))))
.
.
2013-06-19 07:55 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{122BB873-6396-4BD6-B430-7460B6EB51E0}\mpengine.dll
2013-06-19 07:53 . 2013-06-19 07:53	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-19 07:53 . 2013-06-19 07:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-18 16:00 . 2013-06-18 16:00	--------	d-----w-	C:\FRST
2013-06-11 08:23 . 2013-06-18 10:39	--------	d-----w-	c:\programdata\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-11 08:21 . 2013-06-11 08:21	--------	d-----w-	c:\windows\Sun
2013-06-08 01:15 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{146C862E-4310-4DDB-858C-1A304443E998}\mpengine.dll
2013-05-28 06:17 . 2013-05-28 06:17	--------	d-----w-	c:\users\Schirmayer\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 09:18 . 2012-04-10 14:52	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 09:18 . 2011-05-31 15:31	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 11:43 . 2013-05-06 11:43	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-04-19 00:19	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-19 06:17 . 2013-04-19 06:17	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 04:45 . 2013-05-15 01:34	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 01:34	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 19:02	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 01:34	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 01:34	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 01:34	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-04-02 12:49 . 2013-03-01 10:46	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-02 12:49 . 2013-03-01 10:46	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-02 12:49 . 2013-03-01 10:46	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-26 14:08 . 2013-03-26 14:08	860928	----a-w-	c:\windows\system32\drivers\mod7700.sys
2013-03-26 14:08 . 2013-03-26 14:08	27136	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2013-03-26 14:08 . 2013-03-26 14:08	208896	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2013-03-26 14:08 . 2013-03-26 14:08	11136	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-03-26 14:08 . 2013-03-26 14:08	106880	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2013-03-26 14:08 . 2013-03-26 14:08	102784	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2010-04-19 00:20 . 2010-04-19 00:20	223440	----a-w-	c:\program files\truecrypt.sys
2010-04-19 00:20 . 2010-04-19 00:20	222160	----a-w-	c:\program files\truecrypt-x64.sys
2010-04-19 00:20 . 2010-04-19 00:20	1562064	----a-w-	c:\program files\TrueCrypt Format.exe
2010-04-19 00:20 . 2010-04-19 00:20	1415632	----a-w-	c:\program files\TrueCrypt.exe
2010-04-19 00:19 . 2010-04-19 00:20	3358880	----a-w-	c:\program files\TrueCrypt Setup.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2012-10-30 16:49	159040	----a-w-	c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-04-23 13:48	2099552	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-04-23 13:48	2099552	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-04-23 13:48	2099552	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-04-23 13:48	2099552	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-04-23 13:48	2099552	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2013-01-28 1692200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0AMQAyADEAOAA1ADMANgAxADUAMAAtAEIAQQBSADkATwArADEALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA&prod=90&ver=9.0.894" [?]
.
c:\users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
virtuelle-laufwerke-mounten.bat [2013-1-3 39]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Schirmayer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3180 Scan2PC]
2011-04-29 07:58	1990144	----a-w-	c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06	958576	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20	38872	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-08 23:37	46368	----a-w-	c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 15:06	222496	----a-w-	c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2012-05-01 10:06	1895424	----a-w-	c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-08 23:42	29984	----a-w-	c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-05 18:11	62752	----a-w-	c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-05 19:11	636192	----a-w-	c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-03-20 12:38	162856	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 12:42	328992	----a-w-	c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50	18642024	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SugarSync]
2013-04-23 13:54	12491104	----a-w-	c:\program files\SugarSync\SugarSync.exe
.
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 Nvleien;Nvleien;c:\windows\system32\drivers\BrFiltLo.sys [2009-07-13 13568]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-04-26 40560]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 37352]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 273552]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 494416]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 36072]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2011-11-17 277576]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-04-02 86752]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-12 5120]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-07 4150112]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [2010-11-18 330696]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-03-26 101248]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2012-10-30 295488]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-11-28 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:18]
.
2013-06-06 c:\windows\Tasks\Paragon Archive name arc_070412140058195.job
- c:\program files\Paragon Software\Backup and Recovery 10 Free Edition\program\scripts.exe [2010-04-26 15:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Mit PDF Viewer Plus öffnen - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
c:\users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk - c:\program files\Versandhelfer\Versandhelfer.exe
Notify-klogon - (no file)
MSConfigStartUp-BrStsMon00 - c:\program files\Browny02\Brother\BrStMonW.exe
MSConfigStartUp-ControlCenter4 - c:\program files\ControlCenter4\BrCcBoot.exe
MSConfigStartUp-EPSON BX610FW Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFJU.EXE
MSConfigStartUp-Eraser - c:\progra~1\Eraser\Eraser.exe
MSConfigStartUp-FUFAXSTM - c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
MSConfigStartUp-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-ElsterFormular 11.5.0.4546 - c:\program files\ElsterFormular\uninstall.exe
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\SSCbFsNetRdr3.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(5840)
c:\windows\system32\guard32.dll
c:\windows\system32\SSCbFsMntNtf3.dll
c:\program files\Copernic Desktop Search - Home\DeskbandContainer_Win32.dll
c:\program files\Copernic Desktop Search - Home\SearchPlatform-s.dll
c:\windows\system32\SSCbFsNetRdr3.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-19  10:02:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-19 08:02
.
Vor Suchlauf: 11 Verzeichnis(se), 14.539.612.160 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 15.745.761.280 Bytes frei
.
- - End Of File - - 48EB3278C530A8B86454086B357D3469
A36C5E4F47E84449FF07ED3517B43A31
         
Best regards
TyCore


Alt 19.06.2013, 12:16   #6
schrauber
/// the machine
/// TB-Ausbilder
 

System Care Antivirus



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Alt 20.06.2013, 17:57   #7
TyCore
 
System Care Antivirus



There is nothing in the Junkware log... after a restart I got the same result.

Code:
ATTFilter
 AdwCleaner v2.303 - Datei am 20/06/2013 um 13:41:16 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Schirmayer - AS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schirmayer\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Schirmayer\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Schirmayer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1947 octets] - [20/06/2013 13:40:19]
AdwCleaner[S1].txt - [1880 octets] - [20/06/2013 13:41:16]

########## EOF - C:\AdwCleaner[S1].txt - [1940 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Schirmayer on 20.06.2013 at 18:44:17,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2013 at 18:46:23,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013
Ran by Schirmayer (administrator) on 20-06-2013 18:47:23
Running from C:\Users\Schirmayer\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Copernic Inc.) C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1990144 2011-04-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload [1895424 2012-05-01] (Dominik Reichl)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0AMQAyADEAOAA1ADMANgAxADUAMAAtAEIAQQBSADkATwArADEALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\klogon: 
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray [1692200 2013-01-28] (Copernic Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\virtuelle-laufwerke-mounten.bat ()
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKCU - {5B002001-09FF-4333-A944-63444AE00D7C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default
FF Homepage: hxxp://www.google.com/calendar/render
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: tineye - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: yesscript - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\yesscript@userstyles.org.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-09-27] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [330696 2010-11-18] ()
S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-26] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
S3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [123784 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-04-26] (Paragon Software Group)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
S4 Nvleien; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295488 2012-10-30] (EldoS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
S3 catchme; \??\C:\Users\SCHIRM~1\AppData\Local\Temp\catchme.sys [x]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 18:46 - 2013-06-20 18:46 - 00000630 ____A C:\Users\Schirmayer\Desktop\JRT.txt
2013-06-20 14:25 - 2013-06-20 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 13:41 - 2013-06-20 13:42 - 00002009 ____A C:\AdwCleaner[S1].txt
2013-06-20 13:40 - 2013-06-20 13:40 - 00001947 ____A C:\AdwCleaner[R1].txt
2013-06-20 13:39 - 2013-06-20 18:43 - 00000000 ____D C:\JRT
2013-06-20 13:39 - 2013-06-20 13:39 - 00648201 ____A C:\Users\Schirmayer\Downloads\adwcleaner.exe
2013-06-20 13:39 - 2013-06-20 13:39 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Schirmayer\Desktop\JRT.exe
2013-06-20 09:50 - 2013-06-20 16:41 - 00000000 ____D C:\Users\Schirmayer\Desktop\Verschieben auf Sugar wenn Rechner oki
2013-06-20 03:04 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 03:04 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-20 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-20 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 11:30 - 2013-06-19 11:33 - 00000000 ____D C:\Users\Schirmayer\Desktop\Neuer Ordner
2013-06-19 10:11 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-19 10:11 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-19 10:11 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-19 10:11 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-19 10:11 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-19 10:11 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-19 10:11 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-19 10:11 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-19 10:11 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-19 10:11 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-19 10:11 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-19 10:11 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 10:02 - 2013-06-19 10:02 - 00021241 ____A C:\ComboFix.txt
2013-06-19 09:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 09:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 09:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 09:42 - 2013-06-19 10:02 - 00000000 ____D C:\Qoobox
2013-06-19 09:41 - 2013-06-19 09:59 - 00000000 ____D C:\Windows\erdnt
2013-06-19 09:39 - 2013-06-19 09:40 - 05081021 ____R (Swearware) C:\Users\Schirmayer\Desktop\ComboFix.exe
2013-06-18 18:01 - 2013-06-18 18:02 - 00023385 ____A C:\Users\Schirmayer\Desktop\Addition.txt
2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 17:59 - 2013-06-18 17:59 - 01365717 ____A (Farbar) C:\Users\Schirmayer\Desktop\FRST.exe
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:51 - 2013-06-18 14:43 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-14 12:24 - 2013-06-14 12:48 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ***
2013-06-11 10:23 - 2013-06-18 12:39 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 16:58 - 2013-06-03 17:03 - 00009518 ____A C:\Windows\IE10_main.log
2013-05-29 11:15 - 2013-06-17 16:23 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk

==================== One Month Modified Files and Folders ========

2013-06-20 18:46 - 2013-06-20 18:46 - 00000630 ____A C:\Users\Schirmayer\Desktop\JRT.txt
2013-06-20 18:43 - 2013-06-20 13:39 - 00000000 ____D C:\JRT
2013-06-20 18:41 - 2013-01-04 15:26 - 00012244 ____A C:\Windows\setupact.log
2013-06-20 18:41 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 18:40 - 2010-04-19 01:54 - 01905928 ____A C:\Windows\WindowsUpdate.log
2013-06-20 18:18 - 2012-04-10 16:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 16:41 - 2013-06-20 09:50 - 00000000 ____D C:\Users\Schirmayer\Desktop\Verschieben auf Sugar wenn Rechner oki
2013-06-20 14:25 - 2013-06-20 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 13:58 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 13:58 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 13:50 - 2011-01-27 08:36 - 00273258 ____A C:\Windows\PFRO.log
2013-06-20 13:42 - 2013-06-20 13:41 - 00002009 ____A C:\AdwCleaner[S1].txt
2013-06-20 13:40 - 2013-06-20 13:40 - 00001947 ____A C:\AdwCleaner[R1].txt
2013-06-20 13:39 - 2013-06-20 13:39 - 00648201 ____A C:\Users\Schirmayer\Downloads\adwcleaner.exe
2013-06-20 13:39 - 2013-06-20 13:39 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Schirmayer\Desktop\JRT.exe
2013-06-20 12:00 - 2010-05-23 23:20 - 00000000 ____D C:\ProgramData\Adobe
2013-06-20 12:00 - 2010-04-19 02:20 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Adobe
2013-06-20 09:54 - 2012-05-31 09:17 - 00000226 ____A C:\Windows\hpbafd.ini
2013-06-20 08:00 - 2013-03-04 13:47 - 00006588 ____A C:\Windows\System32\TeamViewer8_Hooks.log
2013-06-20 07:59 - 2013-01-03 17:58 - 00001055 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-20 04:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-20 03:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 03:06 - 2010-04-19 02:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-20 03:01 - 2010-07-19 19:10 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-19 16:18 - 2012-04-07 16:03 - 00000934 ____A C:\Windows\Tasks\Paragon Archive name arc_070412140058195.job
2013-06-19 11:33 - 2013-06-19 11:30 - 00000000 ____D C:\Users\Schirmayer\Desktop\Neuer Ordner
2013-06-19 11:30 - 2010-04-19 02:06 - 01622012 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 10:02 - 2013-06-19 10:02 - 00021241 ____A C:\ComboFix.txt
2013-06-19 10:02 - 2013-06-19 09:42 - 00000000 ____D C:\Qoobox
2013-06-19 10:02 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default
2013-06-19 10:02 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-19 09:59 - 2013-06-19 09:41 - 00000000 ____D C:\Windows\erdnt
2013-06-19 09:55 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-19 09:52 - 2012-12-06 08:36 - 00000000 ____D C:\Program Files\Versandhelfer
2013-06-19 09:40 - 2013-06-19 09:39 - 05081021 ____R (Swearware) C:\Users\Schirmayer\Desktop\ComboFix.exe
2013-06-18 18:02 - 2013-06-18 18:01 - 00023385 ____A C:\Users\Schirmayer\Desktop\Addition.txt
2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 17:59 - 2013-06-18 17:59 - 01365717 ____A (Farbar) C:\Users\Schirmayer\Desktop\FRST.exe
2013-06-18 14:43 - 2013-06-18 13:51 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:45 - 2010-04-19 02:04 - 00000000 ____D C:\users\Schirmayer
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-18 12:39 - 2013-06-11 10:23 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-18 07:36 - 2012-03-08 08:31 - 01620992 __ASH C:\Users\Schirmayer\Desktop\Thumbs.db
2013-06-17 16:23 - 2013-05-29 11:15 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-06-14 12:48 - 2013-06-14 12:24 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ***
2013-06-12 11:18 - 2012-04-10 16:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 11:18 - 2011-05-31 17:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-08 13:42 - 2013-06-20 03:04 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-20 03:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 17:03 - 2013-06-03 16:58 - 00009518 ____A C:\Windows\IE10_main.log
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 12:29 - 2012-06-21 09:55 - 00000000 ____D C:\Users\Schirmayer\AppData\Local\SugarSync
2013-05-29 15:54 - 2013-03-26 16:08 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Verbindungsassistent
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-05-28 08:18 - 2012-09-25 14:34 - 00000000 ____D C:\Program Files\PDF24
2013-05-27 12:03 - 2012-05-02 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 09:07 - 2010-08-25 13:02 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\KeePass
2013-05-21 07:37 - 2013-05-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 09:20

==================== End Of Log ============================
         

Alt 20.06.2013, 18:21   #8
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.06.2013, 18:57   #9
TyCore
 



I finally got around to making the logs:



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-06-2013
Ran by Schirmayer (administrator) on 23-06-2013 19:28:25
Running from C:\Users\Schirmayer\Desktop\FRST
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Copernic Inc.) C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(TeamViewer GmbH) c:\program files\teamviewer\version8\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1990144 2011-04-29] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload [1895424 2012-05-01] (Dominik Reichl)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0AMQAyADEAOAA1ADMANgAxADUAMAAtAEIAQQBSADkATwArADEALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMAAtAEQARAA5ADAARgArADEALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.894 [x]
Winlogon\Notify\klogon: 
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray [1692200 2013-01-28] (Copernic Inc.)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Schirmayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\virtuelle-laufwerke-mounten.bat ()
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKCU - {5B002001-09FF-4333-A944-63444AE00D7C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default
FF Homepage: hxxp://www.google.com/calendar/render
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\staged
FF Extension: tineye - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: yesscript - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\yesscript@userstyles.org.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Schirmayer\AppData\Roaming\Mozilla\Firefox\Profiles\ippsrkm1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-09-27] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-02] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [330696 2010-11-18] ()
S2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-26] (AVM Berlin)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.)
S3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [123784 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [40560 2010-04-26] (Paragon Software Group)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
S4 Nvleien; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295488 2012-10-30] (EldoS Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-01] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-07-12] (Samsung Electronics)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [45240 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [441608 2011-11-17] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [277576 2011-11-17] (Paragon)
S3 catchme; \??\C:\Users\SCHIRM~1\AppData\Local\Temp\catchme.sys [x]
S2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-23 19:28 - 2013-06-23 19:28 - 00000000 ____D C:\Users\Schirmayer\Desktop\FRST
2013-06-23 19:25 - 2013-06-23 19:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-23 19:15 - 2013-06-23 19:15 - 00890839 ____A C:\Users\Schirmayer\Downloads\SecurityCheck.exe
2013-06-21 12:20 - 2013-06-21 12:20 - 00000384 ____A C:\Users\Schirmayer\Desktop\ESET.txt
2013-06-21 08:54 - 2013-06-21 08:54 - 02347384 ____A (ESET) C:\Users\Schirmayer\Downloads\esetsmartinstaller_enu.exe
2013-06-20 18:48 - 2013-06-20 18:56 - 00034217 ____A C:\Users\Schirmayer\Desktop\FRST.txt
2013-06-20 18:46 - 2013-06-20 18:46 - 00000630 ____A C:\Users\Schirmayer\Desktop\JRT.txt
2013-06-20 14:25 - 2013-06-20 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 13:41 - 2013-06-20 13:42 - 00002009 ____A C:\AdwCleaner[S1].txt
2013-06-20 13:40 - 2013-06-20 13:40 - 00001947 ____A C:\AdwCleaner[R1].txt
2013-06-20 13:39 - 2013-06-20 18:43 - 00000000 ____D C:\JRT
2013-06-20 13:39 - 2013-06-20 13:39 - 00648201 ____A C:\Users\Schirmayer\Downloads\adwcleaner.exe
2013-06-20 13:39 - 2013-06-20 13:39 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Schirmayer\Desktop\JRT.exe
2013-06-20 09:50 - 2013-06-21 12:38 - 00000000 ____D C:\Users\Schirmayer\Desktop\Verschieben auf Sugar wenn Rechner oki
2013-06-20 03:04 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-20 03:04 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-20 03:04 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-20 03:01 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-20 03:01 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-20 03:01 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-20 03:01 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-19 11:30 - 2013-06-19 11:33 - 00000000 ____D C:\Users\Schirmayer\Desktop\Neuer Ordner
2013-06-19 10:11 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-19 10:11 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-19 10:11 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-19 10:11 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-19 10:11 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-19 10:11 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-19 10:11 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-19 10:11 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-19 10:11 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-19 10:11 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-19 10:11 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-19 10:11 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-19 10:02 - 2013-06-19 10:02 - 00021241 ____A C:\ComboFix.txt
2013-06-19 09:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-19 09:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-19 09:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-19 09:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-19 09:42 - 2013-06-19 10:02 - 00000000 ____D C:\Qoobox
2013-06-19 09:41 - 2013-06-19 09:59 - 00000000 ____D C:\Windows\erdnt
2013-06-19 09:39 - 2013-06-19 09:40 - 05081021 ____R (Swearware) C:\Users\Schirmayer\Desktop\ComboFix.exe
2013-06-18 18:01 - 2013-06-18 18:02 - 00023385 ____A C:\Users\Schirmayer\Desktop\Addition.txt
2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:51 - 2013-06-18 14:43 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-14 12:24 - 2013-06-14 12:48 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ***
2013-06-11 10:23 - 2013-06-18 12:39 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 16:58 - 2013-06-03 17:03 - 00009518 ____A C:\Windows\IE10_main.log
2013-05-29 11:15 - 2013-06-17 16:23 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk

==================== One Month Modified Files and Folders ========

2013-06-23 19:28 - 2013-06-23 19:28 - 00000000 ____D C:\Users\Schirmayer\Desktop\FRST
2013-06-23 19:26 - 2013-06-23 19:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-23 19:18 - 2012-04-10 16:52 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 19:15 - 2013-06-23 19:15 - 00890839 ____A C:\Users\Schirmayer\Downloads\SecurityCheck.exe
2013-06-23 03:52 - 2010-04-19 01:54 - 01134327 ____A C:\Windows\WindowsUpdate.log
2013-06-21 13:00 - 2012-05-31 09:17 - 00000564 ____A C:\Windows\hpbafd.ini
2013-06-21 12:38 - 2013-06-20 09:50 - 00000000 ____D C:\Users\Schirmayer\Desktop\Verschieben auf Sugar wenn Rechner oki
2013-06-21 12:35 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-21 12:35 - 2009-07-14 06:34 - 00014496 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-21 12:28 - 2013-01-04 15:26 - 00012356 ____A C:\Windows\setupact.log
2013-06-21 12:28 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-21 12:27 - 2011-01-27 08:36 - 00274398 ____A C:\Windows\PFRO.log
2013-06-21 12:20 - 2013-06-21 12:20 - 00000384 ____A C:\Users\Schirmayer\Desktop\ESET.txt
2013-06-21 08:55 - 2010-04-19 02:06 - 01622012 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-21 08:54 - 2013-06-21 08:54 - 02347384 ____A (ESET) C:\Users\Schirmayer\Downloads\esetsmartinstaller_enu.exe
2013-06-20 18:56 - 2013-06-20 18:48 - 00034217 ____A C:\Users\Schirmayer\Desktop\FRST.txt
2013-06-20 18:46 - 2013-06-20 18:46 - 00000630 ____A C:\Users\Schirmayer\Desktop\JRT.txt
2013-06-20 18:43 - 2013-06-20 13:39 - 00000000 ____D C:\JRT
2013-06-20 14:25 - 2013-06-20 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 13:42 - 2013-06-20 13:41 - 00002009 ____A C:\AdwCleaner[S1].txt
2013-06-20 13:40 - 2013-06-20 13:40 - 00001947 ____A C:\AdwCleaner[R1].txt
2013-06-20 13:39 - 2013-06-20 13:39 - 00648201 ____A C:\Users\Schirmayer\Downloads\adwcleaner.exe
2013-06-20 13:39 - 2013-06-20 13:39 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Schirmayer\Desktop\JRT.exe
2013-06-20 12:00 - 2010-05-23 23:20 - 00000000 ____D C:\ProgramData\Adobe
2013-06-20 12:00 - 2010-04-19 02:20 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Adobe
2013-06-20 08:00 - 2013-03-04 13:47 - 00006588 ____A C:\Windows\System32\TeamViewer8_Hooks.log
2013-06-20 07:59 - 2013-01-03 17:58 - 00001055 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-06-20 04:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-20 03:21 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-20 03:06 - 2010-04-19 02:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-20 03:01 - 2010-07-19 19:10 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-19 16:18 - 2012-04-07 16:03 - 00000934 ____A C:\Windows\Tasks\Paragon Archive name arc_070412140058195.job
2013-06-19 11:33 - 2013-06-19 11:30 - 00000000 ____D C:\Users\Schirmayer\Desktop\Neuer Ordner
2013-06-19 10:02 - 2013-06-19 10:02 - 00021241 ____A C:\ComboFix.txt
2013-06-19 10:02 - 2013-06-19 09:42 - 00000000 ____D C:\Qoobox
2013-06-19 10:02 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default
2013-06-19 10:02 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-19 09:59 - 2013-06-19 09:41 - 00000000 ____D C:\Windows\erdnt
2013-06-19 09:55 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-19 09:52 - 2012-12-06 08:36 - 00000000 ____D C:\Program Files\Versandhelfer
2013-06-19 09:40 - 2013-06-19 09:39 - 05081021 ____R (Swearware) C:\Users\Schirmayer\Desktop\ComboFix.exe
2013-06-18 18:02 - 2013-06-18 18:01 - 00023385 ____A C:\Users\Schirmayer\Desktop\Addition.txt
2013-06-18 18:00 - 2013-06-18 18:00 - 00000000 ____D C:\FRST
2013-06-18 14:43 - 2013-06-18 13:51 - 00072171 ____A C:\Users\Schirmayer\Desktop\Neues Textdokument.txt
2013-06-18 13:53 - 2013-06-18 13:53 - 00377856 ____A C:\Users\Schirmayer\Desktop\gmer_2.1.19163.exe
2013-06-18 13:46 - 2013-06-18 13:46 - 00602112 ____A (OldTimer Tools) C:\Users\Schirmayer\Desktop\OTL.exe
2013-06-18 13:45 - 2013-06-18 13:45 - 00000482 ____A C:\Users\Schirmayer\Downloads\defogger_disable.log
2013-06-18 13:45 - 2013-06-18 13:45 - 00000000 ____A C:\Users\Schirmayer\defogger_reenable
2013-06-18 13:45 - 2010-04-19 02:04 - 00000000 ____D C:\users\Schirmayer
2013-06-18 13:44 - 2013-06-18 13:44 - 00050477 ____A C:\Users\Schirmayer\Desktop\Defogger.exe
2013-06-18 13:23 - 2013-06-18 13:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Schirmayer\Downloads\tdsskiller.exe
2013-06-18 12:39 - 2013-06-11 10:23 - 00000000 ____D C:\ProgramData\08D6D9468F1EC0A3000008D6D074C5AA
2013-06-18 07:36 - 2012-03-08 08:31 - 01620992 __ASH C:\Users\Schirmayer\Desktop\Thumbs.db
2013-06-17 16:23 - 2013-05-29 11:15 - 00000000 ____D C:\Users\Schirmayer\Desktop\29.05.2013
2013-06-14 12:48 - 2013-06-14 12:24 - 00000000 ____D C:\Users\Schirmayer\Desktop\Frau ***9
2013-06-12 11:18 - 2012-04-10 16:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 11:18 - 2011-05-31 17:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 10:21 - 2013-06-11 10:21 - 00000000 ____D C:\Windows\Sun
2013-06-08 13:42 - 2013-06-20 03:04 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-20 03:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-20 03:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 17:03 - 2013-06-03 16:58 - 00009518 ____A C:\Windows\IE10_main.log
2013-06-03 16:59 - 2013-06-03 16:59 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-03 16:59 - 2013-06-03 16:59 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-03 16:59 - 2013-06-03 16:59 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-03 16:59 - 2013-06-03 16:59 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-03 16:59 - 2013-06-03 16:59 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-03 16:59 - 2013-06-03 16:59 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-03 16:59 - 2013-06-03 16:59 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-03 12:29 - 2012-06-21 09:55 - 00000000 ____D C:\Users\Schirmayer\AppData\Local\SugarSync
2013-05-29 15:54 - 2013-03-26 16:08 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\Verbindungsassistent
2013-05-28 08:18 - 2013-05-28 08:18 - 00001825 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-28 08:18 - 2013-05-28 08:18 - 00001810 ____A C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-05-28 08:18 - 2012-09-25 14:34 - 00000000 ____D C:\Program Files\PDF24
2013-05-27 12:03 - 2012-05-02 14:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 09:07 - 2010-08-25 13:02 - 00000000 ____D C:\Users\Schirmayer\AppData\Roaming\KeePass

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 01:00

==================== End Of Log ============================
         
--- --- ---


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d509106a9a678f44b4fb7a6fdd334131
# engine=14121
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-21 10:17:46
# local_time=2013-06-21 12:17:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1799 16775165 100 97 11949 117580350 9506 0
# compatibility_mode=3074 16777213 100 100 14873885 43533830 0 0
# compatibility_mode=5893 16776573 100 94 63418 123441057 0 0
# scanned=192575
# found=3
# cleaned=0
# scan_time=11665
sh=AC4FFD16AD3D62B69B07B59197B4E60DE6A80C20 ft=1 fh=6c9f8b22d7af8865 vn="a variant of Win32/Kryptik.BDGF trojan" ac=I fn="C:\Users\Schirmayer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6583120b-21fdf2f8"
sh=AC4FFD16AD3D62B69B07B59197B4E60DE6A80C20 ft=1 fh=6c9f8b22d7af8865 vn="a variant of Win32/Kryptik.BDGF trojan" ac=I fn="C:\Users\Schirmayer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\725732ef-4ed174a7"
sh=AC4FFD16AD3D62B69B07B59197B4E60DE6A80C20 ft=1 fh=6c9f8b22d7af8865 vn="a variant of Win32/Kryptik.BDGF trojan" ac=I fn="C:\Users\Schirmayer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\5e40c13a-12a07cff"
         


Code:
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (2.0.0.4002)   
 CCleaner     
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Comodo Firewall cmdagent.exe 
 Comodo Firewall cfp.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

23.06.2013, 20:43   #10
schrauber
/// the machine
/// TB trainer

Please update Java and Adobe.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
