
Log analysis and evaluation: "Malware Protection" infection - follow-up check


02.07.2013, 15:37   #1
KFAF
 
Hello dear Trojaner-Board,

I have often found advice here but have never asked for any myself. Now it seems the time has come. As you can already tell from the title, the problem laptop was infected with Malware Protection while I was browsing a VBA forum with IE8 64-bit under Win7 64-bit. There were no symptoms at all beforehand; instead, the familiar window that pretends to scan the computer appeared immediately.

First I followed the steps given in the thread
http://www.trojaner-board.de/99655-m...entfernen.html
(I don't know how intra-linking works here, sorry).
In doing so I obtained the following logs:

RKILL:
Code:
Rkill 2.5.3 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/02/2013 03:46:12 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\***\Desktop\rkill\rkill-07-02-2013-03-46-13.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\de-DE => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity: 

 * COM+-Ereignissystem (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows-Firewallautorisierungstreiber (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 07/02/2013 03:46:25 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)
         
MBAM:
Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.02.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
*** :: LAP-*** [Administrator]

Schutz: Deaktiviert

02.07.2013 15:49:14
mbam-log-2013-07-02 (15-49-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 386200
Laufzeit: 14 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.Fakealert) -> Daten: C:\ProgramData\tdefender.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\$Recycle.Bin\S-1-5-18\$c82170576ca8ed728f8f5ecc0f458f9a\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$c82170576ca8ed728f8f5ecc0f458f9a\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$c82170576ca8ed728f8f5ecc0f458f9a\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-537785611-3490341461-2138311702-1136\$R3ACB8D65 (Trojan.Downloader.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\11372699448023.exe (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\F365.tmp (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\tdefender.exe (Trojan.Fakealert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
TDSSKiller:
Code:
16:06:55.0198 1060  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:06:55.0230 1060  ============================================================
16:06:55.0230 1060  Current date / time: 2013/07/02 16:06:55.0230
16:06:55.0230 1060  SystemInfo:
16:06:55.0230 1060  
16:06:55.0230 1060  OS Version: 6.1.7601 ServicePack: 1.0
16:06:55.0230 1060  Product type: Workstation
16:06:55.0230 1060  ComputerName: LAP-***
16:06:55.0230 1060  UserName: ***
16:06:55.0230 1060  Windows directory: C:\Windows
16:06:55.0230 1060  System windows directory: C:\Windows
16:06:55.0230 1060  Running under WOW64
16:06:55.0230 1060  Processor architecture: Intel x64
16:06:55.0230 1060  Number of processors: 8
16:06:55.0230 1060  Page size: 0x1000
16:06:55.0230 1060  Boot type: Safe boot with network
16:06:55.0230 1060  ============================================================
16:06:55.0448 1060  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:06:55.0448 1060  ============================================================
16:06:55.0448 1060  \Device\Harddisk0\DR0:
16:06:55.0448 1060  MBR partitions:
16:06:55.0448 1060  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33800, BlocksNum 0x2710000
16:06:55.0448 1060  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2743800, BlocksNum 0xC738800
16:06:55.0448 1060  ============================================================
16:06:55.0448 1060  C: <-> \Device\Harddisk0\DR0\Partition2
16:06:55.0448 1060  ============================================================
16:06:55.0448 1060  Initialize success
16:06:55.0448 1060  ============================================================
16:06:56.0540 1168  ============================================================
16:06:56.0540 1168  Scan started
16:06:56.0540 1168  Mode: Manual; 
16:06:56.0540 1168  ============================================================
16:06:56.0571 1168  ================ Scan system memory ========================
16:06:56.0571 1168  System memory - ok
16:06:56.0571 1168  ================ Scan services =============================
16:06:56.0602 1168  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:06:56.0602 1168  1394ohci - ok
16:06:56.0602 1168  [ AEDB94A49236F5FF060C90E09E70281F ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
16:06:56.0602 1168  Acceler - ok
16:06:56.0618 1168  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:06:56.0618 1168  ACPI - ok
16:06:56.0618 1168  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:06:56.0618 1168  AcpiPmi - ok
16:06:56.0618 1168  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:06:56.0618 1168  AdobeARMservice - ok
16:06:56.0649 1168  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:56.0649 1168  AdobeFlashPlayerUpdateSvc - ok
16:06:56.0665 1168  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:06:56.0665 1168  adp94xx - ok
16:06:56.0680 1168  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:06:56.0680 1168  adpahci - ok
16:06:56.0696 1168  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:06:56.0696 1168  adpu320 - ok
16:06:56.0712 1168  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:06:56.0712 1168  AeLookupSvc - ok
16:06:56.0743 1168  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:06:56.0743 1168  AERTFilters - ok
16:06:56.0758 1168  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:06:56.0758 1168  AFD - ok
16:06:56.0774 1168  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:06:56.0774 1168  agp440 - ok
16:06:56.0774 1168  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:06:56.0774 1168  ALG - ok
16:06:56.0774 1168  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:06:56.0774 1168  aliide - ok
16:06:56.0774 1168  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:06:56.0790 1168  amdide - ok
16:06:56.0790 1168  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:06:56.0790 1168  AmdK8 - ok
16:06:56.0805 1168  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:06:56.0805 1168  AmdPPM - ok
16:06:56.0821 1168  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:06:56.0821 1168  amdsata - ok
16:06:56.0821 1168  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:06:56.0821 1168  amdsbs - ok
16:06:56.0836 1168  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:06:56.0836 1168  amdxata - ok
16:06:56.0836 1168  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
16:06:56.0836 1168  AntiVirMailService - ok
16:06:56.0836 1168  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:06:56.0852 1168  AntiVirSchedulerService - ok
16:06:56.0852 1168  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:06:56.0852 1168  AntiVirService - ok
16:06:56.0868 1168  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:06:56.0868 1168  AntiVirWebService - ok
16:06:56.0868 1168  [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:06:56.0883 1168  ApfiltrService - ok
16:06:56.0883 1168  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:06:56.0883 1168  AppID - ok
16:06:56.0883 1168  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:06:56.0883 1168  AppIDSvc - ok
16:06:56.0883 1168  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
16:06:56.0883 1168  Appinfo - ok
16:06:56.0899 1168  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:06:56.0899 1168  AppMgmt - ok
16:06:56.0899 1168  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:06:56.0899 1168  arc - ok
16:06:56.0899 1168  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:06:56.0899 1168  arcsas - ok
16:06:56.0914 1168  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:06:56.0930 1168  aspnet_state - ok
16:06:56.0946 1168  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:06:56.0946 1168  AsyncMac - ok
16:06:56.0946 1168  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:06:56.0946 1168  atapi - ok
16:06:56.0961 1168  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:06:56.0977 1168  AudioEndpointBuilder - ok
16:06:56.0977 1168  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:06:56.0992 1168  AudioSrv - ok
16:06:56.0992 1168  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:06:56.0992 1168  avgntflt - ok
16:06:57.0024 1168  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:06:57.0024 1168  avipbb - ok
16:06:57.0039 1168  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:06:57.0039 1168  avkmgr - ok
16:06:57.0039 1168  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:06:57.0039 1168  AxInstSV - ok
16:06:57.0055 1168  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:06:57.0055 1168  b06bdrv - ok
16:06:57.0070 1168  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:06:57.0070 1168  b57nd60a - ok
16:06:57.0086 1168  [ 801CE1CDF383492B927821C05CB6E8D5 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
16:06:57.0086 1168  BCM42RLY - ok
16:06:57.0133 1168  [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:06:57.0148 1168  BCM43XX - ok
16:06:57.0164 1168  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:06:57.0164 1168  BDESVC - ok
16:06:57.0180 1168  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:06:57.0195 1168  Beep - ok
16:06:57.0195 1168  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:06:57.0211 1168  BITS - ok
16:06:57.0211 1168  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:06:57.0226 1168  blbdrive - ok
16:06:57.0226 1168  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:06:57.0226 1168  bowser - ok
16:06:57.0242 1168  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:06:57.0242 1168  BrFiltLo - ok
16:06:57.0258 1168  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:06:57.0258 1168  BrFiltUp - ok
16:06:57.0273 1168  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:06:57.0273 1168  Browser - ok
16:06:57.0289 1168  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:06:57.0304 1168  Brserid - ok
16:06:57.0320 1168  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:06:57.0320 1168  BrSerWdm - ok
16:06:57.0336 1168  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:06:57.0336 1168  BrUsbMdm - ok
16:06:57.0351 1168  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:06:57.0351 1168  BrUsbSer - ok
16:06:57.0367 1168  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:06:57.0367 1168  BthEnum - ok
16:06:57.0382 1168  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:06:57.0382 1168  BTHMODEM - ok
16:06:57.0398 1168  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:06:57.0398 1168  BthPan - ok
16:06:57.0398 1168  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:06:57.0414 1168  BTHPORT - ok
16:06:57.0414 1168  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:06:57.0414 1168  bthserv - ok
16:06:57.0429 1168  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:06:57.0429 1168  BTHUSB - ok
16:06:57.0460 1168  [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
16:06:57.0460 1168  BTWAMPFL - ok
16:06:57.0476 1168  [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:06:57.0476 1168  btwaudio - ok
16:06:57.0492 1168  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
16:06:57.0492 1168  btwavdt - ok
16:06:57.0507 1168  [ B7DEA77EE893806859072274EE8EC8FC ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:06:57.0507 1168  btwdins - ok
16:06:57.0507 1168  [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:06:57.0523 1168  btwl2cap - ok
16:06:57.0538 1168  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:06:57.0538 1168  btwrchid - ok
16:06:57.0538 1168  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:06:57.0538 1168  cdfs - ok
16:06:57.0554 1168  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:06:57.0554 1168  cdrom - ok
16:06:57.0570 1168  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:06:57.0570 1168  CertPropSvc - ok
16:06:57.0585 1168  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:06:57.0585 1168  circlass - ok
16:06:57.0616 1168  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:06:57.0616 1168  CLFS - ok
16:06:57.0632 1168  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:06:57.0632 1168  clr_optimization_v2.0.50727_32 - ok
16:06:57.0648 1168  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:06:57.0648 1168  clr_optimization_v2.0.50727_64 - ok
16:06:57.0663 1168  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:06:57.0663 1168  clr_optimization_v4.0.30319_32 - ok
16:06:57.0679 1168  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:06:57.0679 1168  clr_optimization_v4.0.30319_64 - ok
16:06:57.0679 1168  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:06:57.0679 1168  CmBatt - ok
16:06:57.0694 1168  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:06:57.0694 1168  cmdide - ok
16:06:57.0710 1168  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:06:57.0710 1168  CNG - ok
16:06:57.0710 1168  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:06:57.0710 1168  Compbatt - ok
16:06:57.0726 1168  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:06:57.0741 1168  CompositeBus - ok
16:06:57.0757 1168  COMSysApp - ok
16:06:57.0788 1168  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:06:57.0788 1168  cphs - ok
16:06:57.0788 1168  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:06:57.0788 1168  crcdisk - ok
16:06:57.0819 1168  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:06:57.0819 1168  CryptSvc - ok
16:06:57.0835 1168  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:06:57.0835 1168  CSC - ok
16:06:57.0850 1168  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:06:57.0866 1168  CscService - ok
16:06:57.0882 1168  [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:06:57.0882 1168  CtClsFlt - ok
16:06:57.0913 1168  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:06:57.0913 1168  DcomLaunch - ok
16:06:57.0913 1168  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:06:57.0928 1168  defragsvc - ok
16:06:57.0928 1168  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:06:57.0928 1168  DfsC - ok
16:06:57.0944 1168  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:06:57.0960 1168  Dhcp - ok
16:06:57.0960 1168  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:06:57.0960 1168  discache - ok
16:06:57.0975 1168  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:06:57.0975 1168  Disk - ok
16:06:57.0991 1168  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:06:57.0991 1168  dmvsc - ok
16:06:58.0006 1168  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:06:58.0006 1168  Dnscache - ok
16:06:58.0022 1168  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:06:58.0022 1168  dot3svc - ok
16:06:58.0038 1168  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:06:58.0038 1168  DPS - ok
16:06:58.0053 1168  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:06:58.0053 1168  drmkaud - ok
16:06:58.0069 1168  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:06:58.0084 1168  DXGKrnl - ok
16:06:58.0084 1168  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:06:58.0084 1168  EapHost - ok
16:06:58.0116 1168  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:06:58.0131 1168  ebdrv - ok
16:06:58.0147 1168  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:06:58.0147 1168  EFS - ok
16:06:58.0147 1168  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:06:58.0162 1168  ehRecvr - ok
16:06:58.0162 1168  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:06:58.0162 1168  ehSched - ok
16:06:58.0162 1168  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:06:58.0162 1168  ElbyCDIO - ok
16:06:58.0194 1168  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:06:58.0194 1168  elxstor - ok
16:06:58.0194 1168  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:06:58.0194 1168  ErrDev - ok
16:06:58.0209 1168  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:06:58.0209 1168  EventSystem - ok
16:06:58.0209 1168  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:06:58.0225 1168  exfat - ok
16:06:58.0225 1168  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:06:58.0225 1168  fastfat - ok
16:06:58.0240 1168  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:06:58.0240 1168  Fax - ok
16:06:58.0256 1168  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:06:58.0256 1168  fdc - ok
16:06:58.0256 1168  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:06:58.0256 1168  fdPHost - ok
16:06:58.0256 1168  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:06:58.0256 1168  FDResPub - ok
16:06:58.0256 1168  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:06:58.0256 1168  FileInfo - ok
16:06:58.0256 1168  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:06:58.0256 1168  Filetrace - ok
16:06:58.0256 1168  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:06:58.0256 1168  flpydisk - ok
16:06:58.0272 1168  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:06:58.0272 1168  FltMgr - ok
16:06:58.0272 1168  [ F910874E4789DC95F37D2CF6285A85FA ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:06:58.0272 1168  FLxHCIc - ok
16:06:58.0272 1168  [ B957F9A14F696DBC0DC65497AAFD0CA4 ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:06:58.0287 1168  FLxHCIh - ok
16:06:58.0287 1168  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:06:58.0303 1168  FontCache - ok
16:06:58.0303 1168  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:06:58.0303 1168  FontCache3.0.0.0 - ok
16:06:58.0303 1168  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:06:58.0303 1168  FsDepends - ok
16:06:58.0318 1168  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:06:58.0318 1168  Fs_Rec - ok
16:06:58.0318 1168  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:06:58.0318 1168  fvevol - ok
16:06:58.0318 1168  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:06:58.0318 1168  gagp30kx - ok
16:06:58.0334 1168  [ B8BF5309C3ECAE7727CDE3B4778C8DCF ] GatewayAgentService C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
16:06:58.0334 1168  GatewayAgentService - ok
16:06:58.0334 1168  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:06:58.0334 1168  GEARAspiWDM - ok
16:06:58.0334 1168  [ 9BA50351AF95C9DF28C8BCD382427D11 ] GenericMount    C:\Windows\system32\DRIVERS\GenericMount.sys
16:06:58.0350 1168  GenericMount - ok
16:06:58.0365 1168  [ 9573DC01B6BAA0371ED4AFBAEBEE4DCC ] GenericMount Helper Service C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe
16:06:58.0396 1168  GenericMount Helper Service - ok
16:06:58.0396 1168  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:06:58.0412 1168  gpsvc - ok
16:06:58.0412 1168  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:06:58.0412 1168  hcw85cir - ok
16:06:58.0412 1168  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:06:58.0412 1168  HDAudBus - ok
16:06:58.0428 1168  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:06:58.0443 1168  HidBatt - ok
16:06:58.0459 1168  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:06:58.0459 1168  HidBth - ok
16:06:58.0474 1168  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:06:58.0474 1168  HidIr - ok
16:06:58.0490 1168  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:06:58.0490 1168  hidserv - ok
16:06:58.0506 1168  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:06:58.0506 1168  HidUsb - ok
16:06:58.0521 1168  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:06:58.0521 1168  hkmsvc - ok
16:06:58.0537 1168  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:06:58.0537 1168  HomeGroupListener - ok
16:06:58.0552 1168  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:06:58.0552 1168  HomeGroupProvider - ok
16:06:58.0568 1168  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:06:58.0568 1168  HpSAMD - ok
16:06:58.0599 1168  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:06:58.0599 1168  HTTP - ok
16:06:58.0599 1168  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:06:58.0599 1168  hwpolicy - ok
16:06:58.0615 1168  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:06:58.0615 1168  i8042prt - ok
16:06:58.0630 1168  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:06:58.0630 1168  iaStor - ok
16:06:58.0646 1168  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:06:58.0646 1168  IAStorDataMgrSvc - ok
16:06:58.0662 1168  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:06:58.0662 1168  iaStorV - ok
16:06:58.0693 1168  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:06:58.0693 1168  idsvc - ok
16:06:58.0802 1168  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:06:58.0911 1168  igfx - ok
16:06:58.0911 1168  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:06:58.0911 1168  iirsp - ok
16:06:58.0927 1168  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:06:58.0927 1168  IKEEXT - ok
16:06:58.0927 1168  Scan interrupted by user!
16:06:58.0927 1168  ================ Scan global ===============================
16:06:58.0927 1168  Scan interrupted by user!
16:06:58.0927 1168  ================ Scan MBR ==================================
16:06:58.0927 1168  Scan interrupted by user!
16:06:58.0927 1168  ================ Scan VBR ==================================
16:06:58.0927 1168  Scan interrupted by user!
16:06:58.0927 1168  ============================================================
16:06:58.0927 1168  Scan finished
16:06:58.0927 1168  ============================================================
16:06:58.0942 1092  Detected object count: 0
16:06:58.0942 1092  Actual detected object count: 0
16:07:04.0059 1272  ============================================================
16:07:04.0059 1272  Scan started
16:07:04.0059 1272  Mode: Manual; SigCheck; TDLFS; 
16:07:04.0059 1272  ============================================================
16:07:04.0059 1272  ================ Scan system memory ========================
16:07:04.0059 1272  System memory - ok
16:07:04.0059 1272  ================ Scan services =============================
16:07:04.0090 1272  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:07:04.0761 1272  1394ohci - ok
16:07:04.0761 1272  [ AEDB94A49236F5FF060C90E09E70281F ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
16:07:04.0777 1272  Acceler - ok
16:07:04.0792 1272  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:07:04.0808 1272  ACPI - ok
16:07:04.0808 1272  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:07:04.0824 1272  AcpiPmi - ok
16:07:04.0839 1272  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:07:04.0839 1272  AdobeARMservice - ok
16:07:04.0855 1272  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:07:04.0870 1272  AdobeFlashPlayerUpdateSvc - ok
16:07:04.0870 1272  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:07:04.0886 1272  adp94xx - ok
16:07:04.0902 1272  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:07:04.0917 1272  adpahci - ok
16:07:04.0933 1272  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:07:04.0948 1272  adpu320 - ok
16:07:04.0948 1272  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:07:04.0995 1272  AeLookupSvc - ok
16:07:04.0995 1272  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:07:05.0011 1272  AERTFilters - ok
16:07:05.0011 1272  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:07:05.0026 1272  AFD - ok
16:07:05.0026 1272  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:07:05.0042 1272  agp440 - ok
16:07:05.0042 1272  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:07:05.0058 1272  ALG - ok
16:07:05.0058 1272  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:07:05.0073 1272  aliide - ok
16:07:05.0073 1272  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:07:05.0089 1272  amdide - ok
16:07:05.0089 1272  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:07:05.0104 1272  AmdK8 - ok
16:07:05.0120 1272  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:07:05.0136 1272  AmdPPM - ok
16:07:05.0136 1272  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:07:05.0136 1272  amdsata - ok
16:07:05.0151 1272  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:07:05.0167 1272  amdsbs - ok
16:07:05.0167 1272  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:07:05.0182 1272  amdxata - ok
16:07:05.0198 1272  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
16:07:05.0198 1272  AntiVirMailService - ok
16:07:05.0214 1272  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:07:05.0214 1272  AntiVirSchedulerService - ok
16:07:05.0214 1272  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:07:05.0229 1272  AntiVirService - ok
16:07:05.0245 1272  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:07:05.0260 1272  AntiVirWebService - ok
16:07:05.0260 1272  [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:07:05.0276 1272  ApfiltrService - ok
16:07:05.0276 1272  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:07:05.0338 1272  AppID - ok
16:07:05.0338 1272  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:07:05.0370 1272  AppIDSvc - ok
16:07:05.0370 1272  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
16:07:05.0385 1272  Appinfo - ok
16:07:05.0385 1272  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:07:05.0401 1272  AppMgmt - ok
16:07:05.0416 1272  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:07:05.0416 1272  arc - ok
16:07:05.0416 1272  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:07:05.0432 1272  arcsas - ok
16:07:05.0448 1272  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:07:05.0448 1272  aspnet_state - ok
16:07:05.0448 1272  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:07:05.0479 1272  AsyncMac - ok
16:07:05.0494 1272  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:07:05.0510 1272  atapi - ok
16:07:05.0526 1272  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:07:05.0557 1272  AudioEndpointBuilder - ok
16:07:05.0572 1272  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:07:05.0604 1272  AudioSrv - ok
16:07:05.0604 1272  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:07:05.0619 1272  avgntflt - ok
16:07:05.0619 1272  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:07:05.0635 1272  avipbb - ok
16:07:05.0635 1272  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:07:05.0650 1272  avkmgr - ok
16:07:05.0650 1272  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:07:05.0666 1272  AxInstSV - ok
16:07:05.0682 1272  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:07:05.0697 1272  b06bdrv - ok
16:07:05.0697 1272  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:07:05.0713 1272  b57nd60a - ok
16:07:05.0713 1272  [ 801CE1CDF383492B927821C05CB6E8D5 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
16:07:05.0728 1272  BCM42RLY - ok
16:07:05.0775 1272  [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:07:05.0853 1272  BCM43XX - ok
16:07:05.0853 1272  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:07:05.0869 1272  BDESVC - ok
16:07:05.0869 1272  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:07:05.0900 1272  Beep - ok
16:07:05.0916 1272  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:07:05.0947 1272  BITS - ok
16:07:05.0947 1272  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:07:05.0962 1272  blbdrive - ok
16:07:05.0962 1272  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:07:05.0978 1272  bowser - ok
16:07:05.0978 1272  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:07:05.0994 1272  BrFiltLo - ok
16:07:05.0994 1272  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:07:06.0009 1272  BrFiltUp - ok
16:07:06.0025 1272  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:07:06.0040 1272  Browser - ok
16:07:06.0040 1272  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:07:06.0056 1272  Brserid - ok
16:07:06.0056 1272  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:07:06.0072 1272  BrSerWdm - ok
16:07:06.0072 1272  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:07:06.0087 1272  BrUsbMdm - ok
16:07:06.0087 1272  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:07:06.0103 1272  BrUsbSer - ok
16:07:06.0103 1272  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:07:06.0118 1272  BthEnum - ok
16:07:06.0118 1272  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:07:06.0134 1272  BTHMODEM - ok
16:07:06.0150 1272  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:07:06.0165 1272  BthPan - ok
16:07:06.0165 1272  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:07:06.0181 1272  BTHPORT - ok
16:07:06.0181 1272  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:07:06.0212 1272  bthserv - ok
16:07:06.0228 1272  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:07:06.0228 1272  BTHUSB - ok
16:07:06.0243 1272  [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
16:07:06.0243 1272  BTWAMPFL - ok
16:07:06.0259 1272  [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:07:06.0259 1272  btwaudio - ok
16:07:06.0259 1272  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
16:07:06.0274 1272  btwavdt - ok
16:07:06.0290 1272  [ B7DEA77EE893806859072274EE8EC8FC ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:07:06.0306 1272  btwdins - ok
16:07:06.0306 1272  [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:07:06.0321 1272  btwl2cap - ok
16:07:06.0321 1272  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:07:06.0321 1272  btwrchid - ok
16:07:06.0337 1272  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:07:06.0368 1272  cdfs - ok
16:07:06.0368 1272  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:07:06.0384 1272  cdrom - ok
16:07:06.0384 1272  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:07:06.0415 1272  CertPropSvc - ok
16:07:06.0415 1272  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:07:06.0430 1272  circlass - ok
16:07:06.0430 1272  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:07:06.0446 1272  CLFS - ok
16:07:06.0462 1272  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:07:06.0462 1272  clr_optimization_v2.0.50727_32 - ok
16:07:06.0462 1272  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:07:06.0477 1272  clr_optimization_v2.0.50727_64 - ok
16:07:06.0477 1272  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:07:06.0493 1272  clr_optimization_v4.0.30319_32 - ok
16:07:06.0493 1272  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:07:06.0508 1272  clr_optimization_v4.0.30319_64 - ok
16:07:06.0508 1272  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:07:06.0508 1272  CmBatt - ok
16:07:06.0524 1272  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:07:06.0540 1272  cmdide - ok
16:07:06.0540 1272  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:07:06.0571 1272  CNG - ok
16:07:06.0571 1272  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:07:06.0571 1272  Compbatt - ok
16:07:06.0571 1272  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:07:06.0586 1272  CompositeBus - ok
16:07:06.0586 1272  COMSysApp - ok
16:07:06.0618 1272  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:07:06.0618 1272  cphs - ok
16:07:06.0633 1272  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:07:06.0633 1272  crcdisk - ok
16:07:06.0633 1272  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:07:06.0649 1272  CryptSvc - ok
16:07:06.0664 1272  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:07:06.0680 1272  CSC - ok
16:07:06.0680 1272  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:07:06.0696 1272  CscService - ok
16:07:06.0711 1272  [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:07:06.0711 1272  CtClsFlt - ok
16:07:06.0727 1272  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:07:06.0758 1272  DcomLaunch - ok
16:07:06.0758 1272  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:07:06.0805 1272  defragsvc - ok
16:07:06.0805 1272  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:07:06.0836 1272  DfsC - ok
16:07:06.0836 1272  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:07:06.0852 1272  Dhcp - ok
16:07:06.0867 1272  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:07:06.0898 1272  discache - ok
16:07:06.0898 1272  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:07:06.0914 1272  Disk - ok
16:07:06.0914 1272  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:07:06.0930 1272  dmvsc - ok
16:07:06.0930 1272  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:07:06.0945 1272  Dnscache - ok
16:07:06.0961 1272  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:07:06.0992 1272  dot3svc - ok
16:07:06.0992 1272  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:07:07.0023 1272  DPS - ok
16:07:07.0039 1272  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:07:07.0039 1272  drmkaud - ok
16:07:07.0054 1272  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:07:07.0086 1272  DXGKrnl - ok
16:07:07.0086 1272  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:07:07.0117 1272  EapHost - ok
16:07:07.0148 1272  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:07:07.0195 1272  ebdrv - ok
16:07:07.0195 1272  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:07:07.0210 1272  EFS - ok
16:07:07.0226 1272  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:07:07.0242 1272  ehRecvr - ok
16:07:07.0242 1272  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:07:07.0257 1272  ehSched - ok
16:07:07.0257 1272  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:07:07.0273 1272  ElbyCDIO - ok
16:07:07.0288 1272  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:07:07.0304 1272  elxstor - ok
16:07:07.0320 1272  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:07:07.0320 1272  ErrDev - ok
16:07:07.0335 1272  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:07:07.0382 1272  EventSystem - ok
16:07:07.0382 1272  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:07:07.0413 1272  exfat - ok
16:07:07.0429 1272  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:07:07.0460 1272  fastfat - ok
16:07:07.0460 1272  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:07:07.0476 1272  Fax - ok
16:07:07.0491 1272  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:07:07.0491 1272  fdc - ok
16:07:07.0491 1272  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:07:07.0538 1272  fdPHost - ok
16:07:07.0538 1272  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:07:07.0569 1272  FDResPub - ok
16:07:07.0585 1272  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:07:07.0585 1272  FileInfo - ok
16:07:07.0600 1272  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:07:07.0632 1272  Filetrace - ok
16:07:07.0632 1272  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:07:07.0632 1272  flpydisk - ok
16:07:07.0647 1272  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:07:07.0663 1272  FltMgr - ok
16:07:07.0663 1272  [ F910874E4789DC95F37D2CF6285A85FA ] FLxHCIc         C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:07:07.0663 1272  FLxHCIc - ok
16:07:07.0678 1272  [ B957F9A14F696DBC0DC65497AAFD0CA4 ] FLxHCIh         C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:07:07.0678 1272  FLxHCIh - ok
16:07:07.0694 1272  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:07:07.0710 1272  FontCache - ok
16:07:07.0725 1272  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:07:07.0725 1272  FontCache3.0.0.0 - ok
16:07:07.0725 1272  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:07:07.0741 1272  FsDepends - ok
16:07:07.0741 1272  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:07:07.0756 1272  Fs_Rec - ok
16:07:07.0756 1272  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:07:07.0772 1272  fvevol - ok
16:07:07.0772 1272  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:07:07.0788 1272  gagp30kx - ok
16:07:07.0788 1272  [ B8BF5309C3ECAE7727CDE3B4778C8DCF ] GatewayAgentService C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
16:07:07.0803 1272  GatewayAgentService - ok
16:07:07.0803 1272  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:07:07.0819 1272  GEARAspiWDM - ok
16:07:07.0834 1272  [ 9BA50351AF95C9DF28C8BCD382427D11 ] GenericMount    C:\Windows\system32\DRIVERS\GenericMount.sys
16:07:07.0834 1272  GenericMount - ok
16:07:07.0866 1272  [ 9573DC01B6BAA0371ED4AFBAEBEE4DCC ] GenericMount Helper Service C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe
16:07:07.0897 1272  GenericMount Helper Service - ok
16:07:07.0912 1272  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:07:07.0944 1272  gpsvc - ok
16:07:07.0944 1272  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:07:07.0959 1272  hcw85cir - ok
16:07:07.0959 1272  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:07:07.0975 1272  HDAudBus - ok
16:07:07.0975 1272  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:07:07.0990 1272  HidBatt - ok
16:07:07.0990 1272  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:07:08.0006 1272  HidBth - ok
16:07:08.0006 1272  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:07:08.0022 1272  HidIr - ok
16:07:08.0022 1272  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:07:08.0053 1272  hidserv - ok
16:07:08.0068 1272  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:07:08.0068 1272  HidUsb - ok
16:07:08.0068 1272  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:07:08.0100 1272  hkmsvc - ok
16:07:08.0115 1272  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:07:08.0131 1272  HomeGroupListener - ok
16:07:08.0146 1272  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:07:08.0162 1272  HomeGroupProvider - ok
16:07:08.0162 1272  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:07:08.0162 1272  HpSAMD - ok
16:07:08.0178 1272  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:07:08.0209 1272  HTTP - ok
16:07:08.0224 1272  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:07:08.0224 1272  hwpolicy - ok
16:07:08.0224 1272  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:07:08.0240 1272  i8042prt - ok
16:07:08.0256 1272  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
16:07:08.0271 1272  iaStor - ok
16:07:08.0271 1272  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:07:08.0287 1272  IAStorDataMgrSvc - ok
16:07:08.0318 1272  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:07:08.0334 1272  iaStorV - ok
16:07:08.0349 1272  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:07:08.0365 1272  idsvc - ok
16:07:08.0474 1272  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:07:08.0646 1272  igfx - ok
16:07:08.0661 1272  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:07:08.0661 1272  iirsp - ok
16:07:08.0677 1272  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:07:08.0708 1272  IKEEXT - ok
16:07:08.0724 1272  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
16:07:08.0724 1272  Impcd - ok
16:07:08.0755 1272  [ 1B491F385EE96F9D9EE4CB430C8CD29E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:07:08.0817 1272  IntcAzAudAddService - ok
16:07:08.0817 1272  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:07:08.0817 1272  intelide - ok
16:07:08.0833 1272  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:07:08.0833 1272  intelppm - ok
16:07:08.0833 1272  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:07:08.0880 1272  IPBusEnum - ok
16:07:08.0880 1272  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:07:08.0911 1272  IpFilterDriver - ok
16:07:08.0911 1272  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:07:08.0926 1272  IPMIDRV - ok
16:07:08.0942 1272  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:07:08.0973 1272  IPNAT - ok
16:07:08.0973 1272  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:07:08.0989 1272  IRENUM - ok
16:07:08.0989 1272  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:07:09.0004 1272  isapnp - ok
16:07:09.0004 1272  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:07:09.0020 1272  iScsiPrt - ok
16:07:09.0020 1272  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:07:09.0036 1272  kbdclass - ok
16:07:09.0036 1272  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:07:09.0051 1272  kbdhid - ok
16:07:09.0051 1272  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:07:09.0051 1272  KeyIso - ok
16:07:09.0067 1272  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:07:09.0067 1272  KSecDD - ok
16:07:09.0082 1272  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:07:09.0082 1272  KSecPkg - ok
16:07:09.0098 1272  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:07:09.0129 1272  ksthunk - ok
16:07:09.0129 1272  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:07:09.0160 1272  KtmRm - ok
16:07:09.0176 1272  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:07:09.0207 1272  LanmanServer - ok
16:07:09.0207 1272  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:07:09.0238 1272  LanmanWorkstation - ok
16:07:09.0254 1272  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:07:09.0285 1272  lltdio - ok
16:07:09.0285 1272  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:07:09.0316 1272  lltdsvc - ok
16:07:09.0332 1272  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:07:09.0363 1272  lmhosts - ok
16:07:09.0379 1272  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:07:09.0394 1272  LMS - ok
16:07:09.0394 1272  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:07:09.0410 1272  LSI_FC - ok
16:07:09.0410 1272  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:07:09.0426 1272  LSI_SAS - ok
16:07:09.0426 1272  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:07:09.0441 1272  LSI_SAS2 - ok
16:07:09.0441 1272  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:07:09.0457 1272  LSI_SCSI - ok
16:07:09.0457 1272  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:07:09.0488 1272  luafv - ok
16:07:09.0504 1272  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:07:09.0504 1272  MBAMProtector - ok
16:07:09.0519 1272  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:07:09.0535 1272  MBAMScheduler - ok
16:07:09.0535 1272  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:07:09.0566 1272  MBAMService - ok
16:07:09.0566 1272  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:07:09.0582 1272  Mcx2Svc - ok
16:07:09.0582 1272  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:07:09.0597 1272  megasas - ok
16:07:09.0597 1272  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:07:09.0613 1272  MegaSR - ok
16:07:09.0613 1272  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
16:07:09.0628 1272  MEIx64 - ok
16:07:09.0628 1272  Microsoft SharePoint Workspace Audit Service - ok
16:07:09.0628 1272  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:07:09.0660 1272  MMCSS - ok
16:07:09.0675 1272  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:07:09.0706 1272  Modem - ok
16:07:09.0706 1272  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:07:09.0722 1272  monitor - ok
16:07:09.0722 1272  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:07:09.0738 1272  mouclass - ok
16:07:09.0738 1272  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:07:09.0753 1272  mouhid - ok
16:07:09.0753 1272  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:07:09.0753 1272  mountmgr - ok
16:07:09.0769 1272  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:07:09.0784 1272  mpio - ok
16:07:09.0784 1272  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:07:09.0816 1272  mpsdrv - ok
16:07:09.0831 1272  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:07:09.0847 1272  MRxDAV - ok
16:07:09.0847 1272  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:07:09.0862 1272  mrxsmb - ok
16:07:09.0862 1272  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:07:09.0878 1272  mrxsmb10 - ok
16:07:09.0878 1272  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:07:09.0894 1272  mrxsmb20 - ok
16:07:09.0894 1272  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:07:09.0909 1272  msahci - ok
16:07:09.0909 1272  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:07:09.0925 1272  msdsm - ok
16:07:09.0925 1272  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:07:09.0940 1272  MSDTC - ok
16:07:09.0940 1272  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:07:09.0972 1272  Msfs - ok
16:07:09.0972 1272  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:07:10.0003 1272  mshidkmdf - ok
16:07:10.0018 1272  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:07:10.0034 1272  msisadrv - ok
16:07:10.0050 1272  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:07:10.0081 1272  MSiSCSI - ok
16:07:10.0081 1272  msiserver - ok
16:07:10.0081 1272  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:07:10.0112 1272  MSKSSRV - ok
16:07:10.0128 1272  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:07:10.0159 1272  MSPCLOCK - ok
16:07:10.0159 1272  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:07:10.0190 1272  MSPQM - ok
16:07:10.0190 1272  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:07:10.0206 1272  MsRPC - ok
16:07:10.0206 1272  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:07:10.0221 1272  mssmbios - ok
16:07:10.0221 1272  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:07:10.0252 1272  MSTEE - ok
16:07:10.0252 1272  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:07:10.0268 1272  MTConfig - ok
16:07:10.0268 1272  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:07:10.0284 1272  Mup - ok
16:07:10.0284 1272  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:07:10.0330 1272  napagent - ok
16:07:10.0330 1272  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:07:10.0362 1272  NativeWifiP - ok
16:07:10.0362 1272  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:07:10.0393 1272  NDIS - ok
16:07:10.0393 1272  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:07:10.0424 1272  NdisCap - ok
16:07:10.0424 1272  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:07:10.0471 1272  NdisTapi - ok
16:07:10.0471 1272  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:07:10.0502 1272  Ndisuio - ok
16:07:10.0502 1272  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:07:10.0533 1272  NdisWan - ok
16:07:10.0533 1272  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:07:10.0564 1272  NDProxy - ok
16:07:10.0564 1272  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:07:10.0611 1272  NetBIOS - ok
16:07:10.0611 1272  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:07:10.0642 1272  NetBT - ok
16:07:10.0642 1272  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:07:10.0658 1272  Netlogon - ok
16:07:10.0658 1272  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:07:10.0705 1272  Netman - ok
16:07:10.0705 1272  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:10.0720 1272  NetMsmqActivator - ok
16:07:10.0720 1272  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:10.0720 1272  NetPipeActivator - ok
16:07:10.0736 1272  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:07:10.0767 1272  netprofm - ok
16:07:10.0767 1272  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:10.0783 1272  NetTcpActivator - ok
16:07:10.0783 1272  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:10.0798 1272  NetTcpPortSharing - ok
16:07:10.0798 1272  [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
16:07:10.0814 1272  netvsc - ok
16:07:10.0814 1272  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:07:10.0830 1272  nfrd960 - ok
16:07:10.0830 1272  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:07:10.0845 1272  NlaSvc - ok
16:07:10.0861 1272  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
16:07:10.0876 1272  nmwcd - ok
16:07:10.0876 1272  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
16:07:10.0892 1272  nmwcdc - ok
16:07:10.0939 1272  [ A1787754952A0B700E386DC7C5FA5726 ] Norton Ghost    C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
16:07:11.0017 1272  Norton Ghost - ok
16:07:11.0017 1272  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:07:11.0048 1272  Npfs - ok
16:07:11.0064 1272  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:07:11.0095 1272  nsi - ok
16:07:11.0095 1272  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:07:11.0126 1272  nsiproxy - ok
16:07:11.0142 1272  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:07:11.0173 1272  Ntfs - ok
16:07:11.0173 1272  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:07:11.0220 1272  Null - ok
16:07:11.0220 1272  [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
16:07:11.0220 1272  nusb3hub - ok
16:07:11.0235 1272  [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
16:07:11.0235 1272  nusb3xhc - ok
16:07:11.0251 1272  [ 555DDBAF3D306154C553ACBD6780FD1E ] nvkflt          C:\Windows\system32\DRIVERS\nvkflt.sys
16:07:11.0251 1272  nvkflt - ok
16:07:11.0376 1272  [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:07:11.0594 1272  nvlddmkm - ok
16:07:11.0610 1272  [ 3629B8C7257C6231A3CFB44359C68B1D ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
16:07:11.0610 1272  nvpciflt - ok
16:07:11.0610 1272  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:07:11.0625 1272  nvraid - ok
16:07:11.0625 1272  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:07:11.0641 1272  nvstor - ok
16:07:11.0641 1272  [ 4DC87CDA61D7B185E79618581F46B85A ] NvStUSB         C:\Windows\system32\drivers\nvstusb.sys
16:07:11.0656 1272  NvStUSB - ok
16:07:11.0672 1272  [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:07:11.0688 1272  nvsvc - ok
16:07:11.0719 1272  [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:07:11.0766 1272  nvUpdatusService - ok
16:07:11.0781 1272  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:07:11.0781 1272  nv_agp - ok
16:07:11.0781 1272  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:07:11.0797 1272  ohci1394 - ok
16:07:11.0844 1272  [ C5D74311311E1B0EBADC86E1C59A29BE ] OO DiskImage    C:\Program Files\OO Software\DiskImage\oodiag.exe
16:07:11.0922 1272  OO DiskImage - ok
16:07:11.0922 1272  [ BB9D5B3BE12230ED6DACE2CF32A89C43 ] oodisr          C:\Windows\system32\DRIVERS\oodisr.sys
16:07:11.0937 1272  oodisr - ok
16:07:11.0937 1272  [ 62B3AD126DA7FAD3A5849087C96ACA3C ] oodisrh         C:\Windows\system32\DRIVERS\oodisrh.sys
16:07:11.0953 1272  oodisrh - ok
16:07:11.0953 1272  [ B0BEBAB1C468A9C5869474AC64A8C520 ] oodivd          C:\Windows\system32\DRIVERS\oodivd.sys
16:07:11.0968 1272  oodivd - ok
16:07:11.0968 1272  [ 0A9CBFFD3854C0FEC0A39638F0AA69AD ] oodivdh         C:\Windows\system32\DRIVERS\oodivdh.sys
16:07:11.0984 1272  oodivdh - ok
16:07:11.0984 1272  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:07:12.0000 1272  ose - ok
16:07:12.0031 1272  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:07:12.0124 1272  osppsvc - ok
16:07:12.0140 1272  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:07:12.0140 1272  p2pimsvc - ok
16:07:12.0156 1272  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:07:12.0171 1272  p2psvc - ok
16:07:12.0171 1272  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:07:12.0187 1272  Parport - ok
16:07:12.0187 1272  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:07:12.0202 1272  partmgr - ok
16:07:12.0202 1272  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:07:12.0218 1272  PcaSvc - ok
16:07:12.0234 1272  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:07:12.0234 1272  pccsmcfd - ok
16:07:12.0234 1272  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:07:12.0249 1272  pci - ok
16:07:12.0249 1272  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:07:12.0265 1272  pciide - ok
16:07:12.0265 1272  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:07:12.0280 1272  pcmcia - ok
16:07:12.0280 1272  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:07:12.0296 1272  pcw - ok
16:07:12.0296 1272  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:07:12.0343 1272  PEAUTH - ok
16:07:12.0358 1272  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:07:12.0390 1272  PeerDistSvc - ok
16:07:12.0405 1272  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:07:12.0421 1272  PerfHost - ok
16:07:12.0436 1272  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:07:12.0483 1272  pla - ok
16:07:12.0499 1272  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:07:12.0514 1272  PlugPlay - ok
16:07:12.0514 1272  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:07:12.0530 1272  PNRPAutoReg - ok
16:07:12.0530 1272  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:07:12.0546 1272  PNRPsvc - ok
16:07:12.0546 1272  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:07:12.0592 1272  PolicyAgent - ok
16:07:12.0592 1272  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
16:07:12.0608 1272  Power - ok
16:07:12.0608 1272  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:07:12.0639 1272  PptpMiniport - ok
16:07:12.0655 1272  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:07:12.0655 1272  Processor - ok
16:07:12.0670 1272  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:07:12.0686 1272  ProfSvc - ok
16:07:12.0686 1272  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:07:12.0686 1272  ProtectedStorage - ok
16:07:12.0702 1272  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:07:12.0733 1272  Psched - ok
16:07:12.0733 1272  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:07:12.0733 1272  PxHlpa64 - ok
16:07:12.0748 1272  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:07:12.0780 1272  ql2300 - ok
16:07:12.0795 1272  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:07:12.0795 1272  ql40xx - ok
16:07:12.0811 1272  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:07:12.0826 1272  QWAVE - ok
16:07:12.0826 1272  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:07:12.0842 1272  QWAVEdrv - ok
16:07:12.0842 1272  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:07:12.0873 1272  RasAcd - ok
16:07:12.0889 1272  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:07:12.0920 1272  RasAgileVpn - ok
16:07:12.0920 1272  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:07:12.0967 1272  RasAuto - ok
16:07:12.0967 1272  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:07:12.0998 1272  Rasl2tp - ok
16:07:12.0998 1272  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:07:13.0045 1272  RasMan - ok
16:07:13.0045 1272  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:07:13.0076 1272  RasPppoe - ok
16:07:13.0076 1272  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:07:13.0107 1272  RasSstp - ok
16:07:13.0123 1272  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:07:13.0154 1272  rdbss - ok
16:07:13.0154 1272  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:07:13.0170 1272  rdpbus - ok
16:07:13.0170 1272  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:07:13.0201 1272  RDPCDD - ok
16:07:13.0201 1272  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:07:13.0216 1272  RDPDR - ok
16:07:13.0216 1272  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:07:13.0248 1272  RDPENCDD - ok
16:07:13.0263 1272  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:07:13.0294 1272  RDPREFMP - ok
16:07:13.0294 1272  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:07:13.0310 1272  RdpVideoMiniport - ok
16:07:13.0310 1272  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:07:13.0326 1272  RDPWD - ok
16:07:13.0326 1272  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:07:13.0341 1272  rdyboost - ok
16:07:13.0341 1272  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:07:13.0388 1272  RemoteAccess - ok
16:07:13.0388 1272  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:07:13.0435 1272  RemoteRegistry - ok
16:07:13.0435 1272  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:07:13.0450 1272  RFCOMM - ok
16:07:13.0466 1272  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:07:13.0497 1272  RoxMediaDB12OEM - ok
16:07:13.0513 1272  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:07:13.0528 1272  RoxWatch12 - ok
16:07:13.0528 1272  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:07:13.0560 1272  RpcEptMapper - ok
16:07:13.0560 1272  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:07:13.0575 1272  RpcLocator - ok
16:07:13.0591 1272  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:07:13.0622 1272  RpcSs - ok
16:07:13.0622 1272  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:07:13.0653 1272  rspndr - ok
16:07:13.0669 1272  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
16:07:13.0669 1272  RSUSBSTOR - ok
16:07:13.0684 1272  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:07:13.0700 1272  RTL8167 - ok
16:07:13.0700 1272  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:07:13.0716 1272  s3cap - ok
16:07:13.0716 1272  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:07:13.0731 1272  SamSs - ok
16:07:13.0731 1272  [ 2C31378A5695526E99ADAB928157B992 ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
16:07:13.0747 1272  Samsung UPD Service2 - ok
16:07:13.0747 1272  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:07:13.0747 1272  sbp2port - ok
16:07:13.0762 1272  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:07:13.0809 1272  SCardSvr - ok
16:07:13.0809 1272  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:07:13.0840 1272  scfilter - ok
16:07:13.0856 1272  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:07:13.0887 1272  Schedule - ok
16:07:13.0903 1272  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:07:13.0934 1272  SCPolicySvc - ok
16:07:13.0934 1272  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:07:13.0950 1272  SDRSVC - ok
16:07:13.0950 1272  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:07:13.0981 1272  secdrv - ok
16:07:13.0981 1272  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:07:14.0028 1272  seclogon - ok
16:07:14.0028 1272  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:07:14.0059 1272  SENS - ok
16:07:14.0059 1272  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:07:14.0074 1272  SensrSvc - ok
16:07:14.0074 1272  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:07:14.0090 1272  Serenum - ok
16:07:14.0090 1272  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:07:14.0106 1272  Serial - ok
16:07:14.0106 1272  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:07:14.0121 1272  sermouse - ok
16:07:14.0121 1272  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
16:07:14.0152 1272  ServiceLayer - ok
16:07:14.0152 1272  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:07:14.0184 1272  SessionEnv - ok
16:07:14.0199 1272  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:07:14.0199 1272  sffdisk - ok
16:07:14.0215 1272  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:07:14.0215 1272  sffp_mmc - ok
16:07:14.0215 1272  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:07:14.0230 1272  sffp_sd - ok
16:07:14.0230 1272  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:07:14.0246 1272  sfloppy - ok
16:07:14.0262 1272  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:07:14.0293 1272  ShellHWDetection - ok
16:07:14.0293 1272  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:07:14.0308 1272  SiSRaid2 - ok
16:07:14.0308 1272  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:07:14.0324 1272  SiSRaid4 - ok
16:07:14.0324 1272  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:07:14.0355 1272  Smb - ok
16:07:14.0371 1272  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:07:14.0371 1272  SNMPTRAP - ok
16:07:14.0386 1272  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
16:07:14.0402 1272  speedfan - ok
16:07:14.0402 1272  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:07:14.0418 1272  spldr - ok
16:07:14.0433 1272  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:07:14.0449 1272  Spooler - ok
16:07:14.0480 1272  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:07:14.0558 1272  sppsvc - ok
16:07:14.0558 1272  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:07:14.0589 1272  sppuinotify - ok
16:07:14.0605 1272  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:07:14.0620 1272  srv - ok
16:07:14.0620 1272  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:07:14.0636 1272  srv2 - ok
16:07:14.0636 1272  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:07:14.0652 1272  srvnet - ok
16:07:14.0652 1272  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:07:14.0698 1272  SSDPSRV - ok
16:07:14.0698 1272  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:07:14.0730 1272  SstpSvc - ok
16:07:14.0745 1272  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
16:07:14.0745 1272  stdcfltn - ok
16:07:14.0761 1272  [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:07:14.0761 1272  Stereo Service - ok
16:07:14.0776 1272  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:07:14.0776 1272  stexstor - ok
16:07:14.0792 1272  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:07:14.0808 1272  stisvc - ok
16:07:14.0808 1272  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:07:14.0823 1272  stllssvr - ok
16:07:14.0823 1272  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
16:07:14.0839 1272  StorSvc - ok
16:07:14.0839 1272  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:07:14.0854 1272  storvsc - ok
16:07:14.0870 1272  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:07:14.0870 1272  swenum - ok
16:07:14.0886 1272  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:07:14.0917 1272  swprv - ok
16:07:14.0917 1272  Symantec SymSnap VSS Provider - ok
16:07:14.0932 1272  [ 2D9B2746F7DEA46D1572B84A06311566 ] symsnap         C:\Windows\system32\DRIVERS\symsnap.sys
16:07:14.0932 1272  symsnap - ok
16:07:14.0964 1272  [ EA1A479651CA2E0409C29D586C91901D ] SymSnapService  C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
16:07:15.0026 1272  SymSnapService - ok
16:07:15.0026 1272  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
16:07:15.0026 1272  SynthVid - ok
16:07:15.0042 1272  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:07:15.0088 1272  SysMain - ok
16:07:15.0088 1272  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:07:15.0104 1272  TabletInputService - ok
16:07:15.0104 1272  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:07:15.0151 1272  TapiSrv - ok
16:07:15.0151 1272  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:07:15.0182 1272  TBS - ok
16:07:15.0198 1272  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:07:15.0244 1272  Tcpip - ok
16:07:15.0260 1272  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:07:15.0291 1272  TCPIP6 - ok
16:07:15.0291 1272  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:07:15.0307 1272  tcpipreg - ok
16:07:15.0307 1272  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:07:15.0322 1272  TDPIPE - ok
16:07:15.0322 1272  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:07:15.0338 1272  TDTCP - ok
16:07:15.0338 1272  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:07:15.0369 1272  tdx - ok
16:07:15.0369 1272  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:07:15.0385 1272  TermDD - ok
16:07:15.0400 1272  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:07:15.0432 1272  TermService - ok
16:07:15.0432 1272  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:07:15.0447 1272  Themes - ok
16:07:15.0463 1272  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:07:15.0494 1272  THREADORDER - ok
16:07:15.0494 1272  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:07:15.0525 1272  TrkWks - ok
16:07:15.0525 1272  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:07:15.0572 1272  TrustedInstaller - ok
16:07:15.0572 1272  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:07:15.0603 1272  tssecsrv - ok
16:07:15.0603 1272  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:07:15.0619 1272  TsUsbFlt - ok
16:07:15.0619 1272  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:07:15.0634 1272  TsUsbGD - ok
16:07:15.0634 1272  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:07:15.0666 1272  tunnel - ok
16:07:15.0681 1272  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
16:07:15.0681 1272  TurboB - ok
16:07:15.0697 1272  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:07:15.0712 1272  TurboBoost - ok
16:07:15.0712 1272  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:07:15.0712 1272  uagp35 - ok
16:07:15.0728 1272  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:07:15.0759 1272  udfs - ok
16:07:15.0759 1272  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:07:15.0775 1272  UI0Detect - ok
16:07:15.0775 1272  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:07:15.0790 1272  uliagpkx - ok
16:07:15.0790 1272  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:07:15.0806 1272  umbus - ok
16:07:15.0806 1272  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:07:15.0822 1272  UmPass - ok
16:07:15.0822 1272  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:07:15.0837 1272  UmRdpService - ok
16:07:15.0868 1272  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:07:15.0915 1272  UNS - ok
16:07:15.0915 1272  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:07:15.0962 1272  upnphost - ok
16:07:15.0962 1272  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:07:15.0978 1272  upperdev - ok
16:07:15.0993 1272  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:07:15.0993 1272  usbccgp - ok
16:07:15.0993 1272  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:07:16.0009 1272  usbcir - ok
16:07:16.0009 1272  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:07:16.0024 1272  usbehci - ok
16:07:16.0040 1272  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:07:16.0040 1272  usbhub - ok
16:07:16.0056 1272  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:07:16.0056 1272  usbohci - ok
16:07:16.0056 1272  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:07:16.0071 1272  usbprint - ok
16:07:16.0071 1272  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
16:07:16.0087 1272  usbser - ok
16:07:16.0087 1272  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:07:16.0102 1272  UsbserFilt - ok
16:07:16.0118 1272  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:07:16.0118 1272  USBSTOR - ok
16:07:16.0134 1272  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:07:16.0134 1272  usbuhci - ok
16:07:16.0134 1272  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:07:16.0149 1272  usbvideo - ok
16:07:16.0165 1272  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:07:16.0196 1272  UxSms - ok
16:07:16.0196 1272  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:07:16.0212 1272  VaultSvc - ok
16:07:16.0212 1272  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
16:07:16.0227 1272  VClone - ok
16:07:16.0243 1272  [ 20BF96C13DB4BA085D98F4700F3B05FE ] vcsFPService    C:\Windows\system32\vcsFPService.exe
16:07:16.0305 1272  vcsFPService - ok
16:07:16.0305 1272  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:07:16.0321 1272  vdrvroot - ok
16:07:16.0336 1272  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:07:16.0368 1272  vds - ok
16:07:16.0368 1272  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:07:16.0383 1272  vga - ok
16:07:16.0383 1272  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:07:16.0414 1272  VgaSave - ok
16:07:16.0430 1272  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:07:16.0430 1272  vhdmp - ok
16:07:16.0446 1272  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:07:16.0446 1272  viaide - ok
16:07:16.0446 1272  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:07:16.0461 1272  VMBusHID - ok
16:07:16.0461 1272  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:07:16.0477 1272  volmgr - ok
16:07:16.0477 1272  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:07:16.0492 1272  volmgrx - ok
16:07:16.0492 1272  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:07:16.0508 1272  volsnap - ok
16:07:16.0524 1272  [ 8B7454930230DB4BC4BA35A467BE09AA ] VProEventMonitor C:\Windows\system32\DRIVERS\vproeventmonitor.sys
16:07:16.0524 1272  VProEventMonitor - ok
16:07:16.0524 1272  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:07:16.0539 1272  vsmraid - ok
16:07:16.0555 1272  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:07:16.0602 1272  VSS - ok
16:07:16.0617 1272  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:07:16.0617 1272  vwifibus - ok
16:07:16.0633 1272  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:07:16.0633 1272  vwififlt - ok
16:07:16.0648 1272  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:07:16.0680 1272  W32Time - ok
16:07:16.0695 1272  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:07:16.0695 1272  WacomPen - ok
16:07:16.0695 1272  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:07:16.0726 1272  WANARP - ok
16:07:16.0742 1272  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:07:16.0773 1272  Wanarpv6 - ok
16:07:16.0789 1272  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:07:16.0804 1272  wbengine - ok
16:07:16.0820 1272  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:07:16.0836 1272  WbioSrvc - ok
16:07:16.0851 1272  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:07:16.0867 1272  wcncsvc - ok
16:07:16.0867 1272  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:07:16.0882 1272  WcsPlugInService - ok
16:07:16.0882 1272  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:07:16.0898 1272  Wd - ok
16:07:16.0898 1272  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:07:16.0929 1272  Wdf01000 - ok
16:07:16.0929 1272  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:07:16.0960 1272  WdiServiceHost - ok
16:07:16.0960 1272  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:07:16.0976 1272  WdiSystemHost - ok
16:07:16.0976 1272  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:07:16.0992 1272  WebClient - ok
16:07:17.0007 1272  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:07:17.0023 1272  Wecsvc - ok
16:07:17.0023 1272  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:07:17.0054 1272  wercplsupport - ok
16:07:17.0054 1272  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:07:17.0085 1272  WerSvc - ok
16:07:17.0085 1272  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:07:17.0116 1272  WfpLwf - ok
16:07:17.0132 1272  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
16:07:17.0148 1272  WimFltr - ok
16:07:17.0148 1272  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:07:17.0163 1272  WIMMount - ok
16:07:17.0163 1272  WinHttpAutoProxySvc - ok
16:07:17.0179 1272  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:07:17.0194 1272  Winmgmt - ok
16:07:17.0226 1272  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:07:17.0272 1272  WinRM - ok
16:07:17.0272 1272  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
16:07:17.0288 1272  WinUSB - ok
16:07:17.0288 1272  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:07:17.0319 1272  Wlansvc - ok
16:07:17.0319 1272  [ 6F253B09280462D1F7E794DCC02DB9A1 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
16:07:17.0335 1272  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
16:07:17.0335 1272  wltrysvc - detected UnsignedFile.Multi.Generic (1)
16:07:17.0335 1272  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:07:17.0335 1272  WmiAcpi - ok
16:07:17.0350 1272  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:07:17.0366 1272  wmiApSrv - ok
16:07:17.0366 1272  WMPNetworkSvc - ok
16:07:17.0366 1272  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:07:17.0382 1272  WPCSvc - ok
16:07:17.0382 1272  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:07:17.0397 1272  WPDBusEnum - ok
16:07:17.0397 1272  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:07:17.0428 1272  ws2ifsl - ok
16:07:17.0444 1272  WSearch - ok
16:07:17.0475 1272  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:07:17.0522 1272  wuauserv - ok
16:07:17.0522 1272  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:07:17.0538 1272  WudfPf - ok
16:07:17.0538 1272  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:07:17.0553 1272  WUDFRd - ok
16:07:17.0553 1272  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:07:17.0569 1272  wudfsvc - ok
16:07:17.0569 1272  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:07:17.0584 1272  WwanSvc - ok
16:07:17.0600 1272  ================ Scan global ===============================
16:07:17.0600 1272  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:07:17.0600 1272  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:07:17.0600 1272  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:07:17.0616 1272  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:07:17.0616 1272  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:07:17.0616 1272  [Global] - ok
16:07:17.0616 1272  ================ Scan MBR ==================================
16:07:17.0616 1272  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:07:17.0725 1272  \Device\Harddisk0\DR0 - ok
16:07:17.0725 1272  ================ Scan VBR ==================================
16:07:17.0725 1272  [ ED1C2CFF5C839ADF0D62A71797910A35 ] \Device\Harddisk0\DR0\Partition1
16:07:17.0725 1272  \Device\Harddisk0\DR0\Partition1 - ok
16:07:17.0725 1272  [ BD0A67AC37E141E73C806792AD124BF0 ] \Device\Harddisk0\DR0\Partition2
16:07:17.0725 1272  \Device\Harddisk0\DR0\Partition2 - ok
16:07:17.0725 1272  ============================================================
16:07:17.0725 1272  Scan finished
16:07:17.0725 1272  ============================================================
16:07:17.0725 1288  Detected object count: 1
16:07:17.0725 1288  Actual detected object count: 1
16:07:36.0289 1288  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:07:36.0289 1288  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
On the next run, TDSSKiller then removed the finding. After the successful restart into normal mode, my Avira raised an alert and deleted a file in the RecycleBin. If needed, I'll go through the log again and dig out the exact name.

Finally, I ran an MBAM quick scan and an OTL scan. The former turned up nothing; the latter I have already anonymized. If anyone still needs them, I'll post them.

My question: Is there anything else I should do? An exact assessment probably can't be made without the OTL log, but in case that isn't necessary at all, I didn't want to burden the thread further. For now, these are all the logs with findings.

Technically the laptop doesn't belong to me but to a member of my family, and I am not the main user. It has already been through a reinstallation because of another infection.

Many thanks in advance for your help, and retroactively for all the times I have already read the threads here anonymously.

Kind regards
KFAF

02.07.2013, 15:40   #2
schrauber
/// the machine
/// TB trainer

Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

02.07.2013, 16:33   #3
KFAF


Hello again,

one really has to apologize for the late reply...
So here are the two log files:

FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 17:27:54
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(O&O Software GmbH) C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6629480 2011-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7464448 2011-07-13] (Dell Inc.)
HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [159744 2012-04-01] (IvoSoft)
HKLM\...\Run: [OODITRAY.EXE] C:\Program Files\OO Software\DiskImage\OODITRAY.EXE [3086672 2012-02-17] (O&O Software GmbH)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$c82170576ca8ed728f8f5ecc0f458f9a\o. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [x]
HKCU\...\Run: [AmazonMP3DownloaderHelper] C:\Users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-05-02] ()
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-537785611-3490341461-2138311702-1136\$c82170576ca8ed728f8f5ecc0f458f9a\o. ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [SetVisualStyle] 
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Administrator\...\Policies\system: [SetVisualStyle] 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [260416 2012-03-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-01] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\taskmgr.exe.lnk
ShortcutTarget: taskmgr.exe.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

ProxyServer: http=192.168.222.1:3128;https=192.168.222.1:3128;ftp=192.168.222.1:3128;socks=192.168.222.1:1080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2200667B-2899-4DEB-A021-C918C6413D8D} URL = 
SearchScopes: HKCU - {396B5DD8-F016-4478-B676-BEF3D9D1C445} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 GatewayAgentService; C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [316744 2011-03-11] (O&O Software GmbH)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4738384 2012-02-17] (O&O Software GmbH)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-16] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69184 2011-09-05] (Fresco Logic)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-03-01] (NVIDIA Corporation)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [118000 2012-02-17] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40688 2012-02-17] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [259312 2012-02-17] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44272 2012-02-17] (O&O Software GmbH)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U2 V2iMount; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 17:27 - 2013-07-02 17:27 - 01933556 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-02 17:27 - 2013-07-02 17:27 - 00000000 ____D C:\FRST
2013-07-02 16:23 - 2013-07-02 16:23 - 00136522 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-02 16:23 - 2013-07-02 16:23 - 00098352 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-02 16:08 - 2013-07-02 16:12 - 00171154 ____A C:\Users\***\Desktop\TDSSKiller.txt
2013-07-02 16:08 - 2013-07-02 16:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-02 15:46 - 2013-07-02 15:46 - 00005630 ____A C:\Users\***\Desktop\Rkill.txt
2013-07-02 15:46 - 2013-07-02 15:46 - 00000000 ____D C:\Users\***\Desktop\rkill
2013-06-29 10:32 - 2013-06-29 10:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-29 10:32 - 2013-06-29 10:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-29 10:31 - 2013-06-29 10:32 - 10886214 ____A C:\Users\***\Desktop\Samsung_Magician_Setup_v41.zip
2013-06-21 19:19 - 2013-06-21 19:19 - 00000000 ____D C:\Users\***\AppData\Roaming\Mael
2013-06-21 18:20 - 2013-06-21 18:20 - 00000000 ____D C:\Program Files (x86)\HxD
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____D C:\Users\***\AppData\Roaming\.StarMade
2013-06-14 18:37 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 18:34 - 2013-05-17 08:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 18:34 - 2013-05-17 08:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 18:34 - 2013-05-17 08:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 18:34 - 2013-05-16 19:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 18:34 - 2013-05-16 18:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 18:34 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 18:34 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 18:34 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 18:34 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-14 18:34 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-14 18:34 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 18:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 18:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 18:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 18:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-14 18:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-14 18:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 18:04 - 2012-11-21 19:03 - 00000000 ____D C:\Users\***\AppData\Roaming\ftblauncher
2013-06-13 17:50 - 2013-06-13 18:00 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-06-13 17:49 - 2013-06-13 17:49 - 00000000 ____D C:\Program Files (x86)\FTBLauncher
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays

==================== One Month Modified Files and Folders =======

2013-07-02 17:27 - 2013-07-02 17:27 - 01933556 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-02 17:27 - 2013-07-02 17:27 - 00000000 ____D C:\FRST
2013-07-02 17:26 - 2013-05-12 21:41 - 00000000 ____D C:\INSTALL
2013-07-02 17:24 - 2012-03-21 03:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 17:24 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 17:24 - 2009-07-14 06:51 - 00091046 ____A C:\Windows\setupact.log
2013-07-02 16:43 - 2012-08-09 20:58 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-02 16:43 - 2012-03-21 03:43 - 02032552 ____A C:\Windows\WindowsUpdate.log
2013-07-02 16:43 - 2009-07-14 06:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:43 - 2009-07-14 06:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 16:41 - 2012-03-21 10:36 - 00000000 ____D C:\ProgramData\Sonic
2013-07-02 16:40 - 2012-08-05 17:20 - 00000000 ____D C:\Users\***\AppData\Local\TSVNCache
2013-07-02 16:29 - 2012-08-02 21:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 16:23 - 2013-07-02 16:23 - 00136522 ____A C:\Users\***\Desktop\Extras.Txt
2013-07-02 16:23 - 2013-07-02 16:23 - 00098352 ____A C:\Users\***\Desktop\OTL.Txt
2013-07-02 16:19 - 2010-11-21 08:50 - 05266950 ____A C:\Windows\System32\perfh007.dat
2013-07-02 16:19 - 2010-11-21 08:50 - 01611018 ____A C:\Windows\System32\perfc007.dat
2013-07-02 16:19 - 2009-07-14 07:13 - 00006500 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 16:12 - 2013-07-02 16:08 - 00171154 ____A C:\Users\***\Desktop\TDSSKiller.txt
2013-07-02 16:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-07-02 16:08 - 2013-07-02 16:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-02 16:04 - 2010-11-21 05:47 - 00104010 ____A C:\Windows\PFRO.log
2013-07-02 15:47 - 2012-07-15 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:46 - 2013-07-02 15:46 - 00005630 ____A C:\Users\***\Desktop\Rkill.txt
2013-07-02 15:46 - 2013-07-02 15:46 - 00000000 ____D C:\Users\***\Desktop\rkill
2013-06-30 18:42 - 2012-04-08 21:26 - 00000250 ___SH C:\Users\***\ntuser.ini
2013-06-30 18:39 - 2012-04-08 21:16 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl
2013-06-30 18:08 - 2012-04-08 21:26 - 00000000 ____D C:\users\***
2013-06-30 14:39 - 2012-12-26 01:30 - 00000000 ____D C:\Program Files (x86)\CCDev
2013-06-29 10:32 - 2013-06-29 10:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-29 10:32 - 2013-06-29 10:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-29 10:32 - 2013-06-29 10:31 - 10886214 ____A C:\Users\***\Desktop\Samsung_Magician_Setup_v41.zip
2013-06-29 10:32 - 2012-04-08 23:55 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-29 10:32 - 2012-03-21 10:08 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-29 08:07 - 2012-08-09 20:58 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-25 23:55 - 2012-04-15 17:17 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-06-21 19:19 - 2013-06-21 19:19 - 00000000 ____D C:\Users\***\AppData\Roaming\Mael
2013-06-21 18:20 - 2013-06-21 18:20 - 00000000 ____D C:\Program Files (x86)\HxD
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____D C:\Users\***\AppData\Roaming\.StarMade
2013-06-15 12:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 18:36 - 2012-04-09 01:33 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 18:00 - 2013-06-13 17:50 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-06-13 17:49 - 2013-06-13 17:49 - 00000000 ____D C:\Program Files (x86)\FTBLauncher
2013-06-11 20:29 - 2012-05-12 15:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:29 - 2012-03-21 09:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2013-06-08 20:57 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-537785611-3490341461-2138311702-1136\$c82170576ca8ed728f8f5ecc0f458f9a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$c82170576ca8ed728f8f5ecc0f458f9a

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-06-25 22:12

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013
Ran by *** at 2013-07-02 17:28:11
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AccelerometerP11 (x32 Version: 2.00.11.17)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
Avira Antivirus Premium 2012 (x32 Version: 12.1.9.1255)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Classic Shell (Version: 3.5.0)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Backup and Recovery Manager (Version: 1.3.1)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
Dell Touchpad (Version: 7.1209.101.204)
Dell Webcam Central (x32 Version: 2.00.46)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DVBViewer Pro (x32 Version: 4.9.6.0)
DW WLAN Card Utility (Version: 5.100.82.96)
ElsterFormular (x32 Version: 14.1.20130301)
HxD Hex Editor Version 1.7.7.0 (x32 Version: 1.7.7.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2656)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Money 99 (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0)
Norton Ghost (x32 Version: 15.0.1.36526)
Notepad++ (x32 Version: 6.0)
NVIDIA 3D Vision Treiber 296.10 (Version: 296.10)
NVIDIA Grafiktreiber 296.10 (Version: 296.10)
NVIDIA HD-Audiotreiber 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.11 (Version: 1.7.11)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX-Systemsoftware 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9610)
NVIDIA Systemsteuerung 296.10 (Version: 296.10)
NVIDIA Update Components (Version: 1.7.11)
O&O DiskImage Workstation (Version: 6.0.473)
O&O PartitionManager Professional (Version: 3.0.199)
PC Connectivity Solution (x32 Version: 12.0.32.0)
PDF-Viewer (Version: 2.5.210.0)
PhotoShowExpress (x32 Version: 2.0.063)
Quickset64 (Version: 11.0.15)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6353)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samsung SSD Magician (x32 Version: 3.2)
Samsung Universal Print Driver PCL 6 (x32 Version: 2.03.01.00:36)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SpeedFan (remove only) (x32)
TortoiseSVN 1.7.13.24257 (64 bit) (Version: 1.7.24257)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Validity Sensors DDK (Version: 4.3.33.0)
VirtualCloneDrive (x32)
VLC media player 2.0.1 (x32 Version: 2.0.1)
WIDCOMM Bluetooth Software (Version: 6.3.0.7600)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)

==================== Restore Points  =========================


==================== Scheduled Tasks (whitelisted) =============

Task: {2BB22D00-D017-4B7D-BEC9-E8C0EDF7BBF9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {2EA92B46-B069-4228-A25A-C518BA817572} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-05-22] (PC-Doctor, Inc.)
Task: {596B8E91-1BCE-44AC-882D-66D0A26E20AB} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-05-22] (PC-Doctor, Inc.)
Task: {9D8EBA45-4DD5-4DEB-A6E6-067220B3024C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-05-22] (PC-Doctor, Inc.)
Task: {AFC5D566-4634-4EC0-8CAB-03C7EB424B71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {B881572B-EDED-4F76-A6DA-EBC48E78FFD9} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1701 Bluetooth v3.0+HS
Description: Dell Wireless 1701 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 05:25:54 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (07/02/2013 05:24:52 PM) (Source: Microsoft-Windows-User Profiles Service) (User: FRIEBELNET)
Description: Die Serverkopie des servergespeicherten Profils wurde nicht gefunden. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Mögliche Fehlerursachen sind Netzwerkprobleme oder nicht ausreichende Sicherheitsrechte. 

 Details - Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:41:07 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (07/02/2013 04:40:05 PM) (Source: Microsoft-Windows-User Profiles Service) (User: FRIEBELNET)
Description: Die Serverkopie des servergespeicherten Profils wurde nicht gefunden. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Mögliche Fehlerursachen sind Netzwerkprobleme oder nicht ausreichende Sicherheitsrechte. 

 Details - Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (07/02/2013 04:15:28 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (07/02/2013 04:14:32 PM) (Source: Microsoft-Windows-User Profiles Service) (User: FRIEBELNET)
Description: Die Serverkopie des servergespeicherten Profils wurde nicht gefunden. Sie werden mit einem lokalen Benutzerprofil angemeldet. Änderungen an dem Profil werden nach der Abmeldung nicht auf den Server kopiert. Mögliche Fehlerursachen sind Netzwerkprobleme oder nicht ausreichende Sicherheitsrechte. 

 Details - Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:11:05 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (07/02/2013 05:26:44 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (07/02/2013 05:24:54 PM) (Source: Microsoft-Windows-GroupPolicy) (User: FRIEBELNET)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (07/02/2013 05:24:08 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (07/02/2013 05:24:06 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (07/02/2013 05:24:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/02/2013 05:24:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (07/02/2013 05:24:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147024891

Error: (07/02/2013 05:24:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: 
%%1060

Error: (07/02/2013 05:24:05 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne FRIEBELNET aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (07/02/2013 04:41:56 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.


Microsoft Office Sessions:
=========================
Error: (07/02/2013 05:25:54 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 05:24:52 PM) (Source: Microsoft-Windows-User Profiles Service)(User: FRIEBELNET)
Description: Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:41:07 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 04:40:05 PM) (Source: Microsoft-Windows-User Profiles Service)(User: FRIEBELNET)
Description: Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/02/2013 04:19:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (07/02/2013 04:15:28 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 04:14:32 PM) (Source: Microsoft-Windows-User Profiles Service)(User: FRIEBELNET)
Description: Der Netzwerkpfad wurde nicht gefunden.

Error: (07/02/2013 04:11:05 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8086.14 MB
Available physical RAM: 6174.57 MB
Total Pagefile: 8596.32 MB
Available Pagefile: 6505.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:99.61 GB) (Free:47.24 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 2805A167)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Additional info: The laptop is registered in the FRIEBELNET domain but, for obvious reasons, is not connected to it. That is why no user profile can be loaded. In addition, Windows Update is redirected via Group Policy to an internal update server. That server is trustworthy and up to date. Some of the software is obviously leftover Dell junk that I did not know about before; after all, I did not set up the device myself.

Many thanks for the quick reply.
__________________

Alt 02.07.2013, 16:56   #4
schrauber
/// the machine
/// TB-Ausbilder
 




That is not what clean looks like.
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:
Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 02.07.2013, 17:31   #5
KFAF
 



Combofix :

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-07-02.03 - *** 02.07.2013  18:17:05.1.8 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8086.7319 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe.lnk
c:\users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\***\AppData\Roaming\Upisx
c:\users\***\AppData\Roaming\Upisx\uzaz.ufl
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-02 bis 2013-07-02  ))))))))))))))))))))))))))))))
.
.
2013-07-02 16:24 . 2013-07-02 16:24	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-02 16:24 . 2013-07-02 16:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-02 16:24 . 2013-07-02 16:24	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-07-02 15:27 . 2013-07-02 15:27	--------	d-----w-	C:\FRST
2013-07-02 14:08 . 2013-07-02 14:08	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-06-29 08:32 . 2013-06-29 08:32	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 08:32 . 2013-06-29 08:32	--------	d-----w-	c:\program files (x86)\Java
2013-06-29 04:19 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E84E36E9-7FDD-46CD-9A99-BE1C4B987102}\mpengine.dll
2013-06-21 17:19 . 2013-06-21 17:19	--------	d-----w-	c:\users\***\AppData\Roaming\Mael
2013-06-21 16:20 . 2013-06-21 16:20	--------	d-----w-	c:\program files (x86)\HxD
2013-06-20 12:29 . 2013-06-20 12:29	--------	d-----w-	c:\users\***\AppData\Roaming\.StarMade
2013-06-14 16:37 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-14 16:33 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-14 16:33 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-14 16:33 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-14 16:33 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-14 16:33 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-14 16:33 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-14 16:33 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-14 16:33 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-14 16:33 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-14 16:33 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-14 16:33 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-14 16:33 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-13 16:04 . 2012-11-21 17:03	--------	d-----w-	c:\users\***\AppData\Roaming\ftblauncher
2013-06-13 15:50 . 2013-06-13 16:00	--------	d-----w-	c:\users\***\AppData\Roaming\.minecraft
2013-06-13 15:49 . 2013-06-13 15:49	--------	d-----w-	c:\program files (x86)\FTBLauncher
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files\TortoiseSVN
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files (x86)\Common Files\TortoiseOverlays
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 08:32 . 2012-04-08 21:55	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-29 08:32 . 2012-03-21 08:08	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-14 16:36 . 2012-04-08 23:33	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:29 . 2012-05-12 13:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 18:29 . 2012-03-21 07:51	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 16:43	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:43	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:43	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:43	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:43	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:43	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:08	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:44	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:44	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:42	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-07-15 18:36	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-15 11:24 . 2012-12-15 11:24	1011200	----a-w-	c:\program files (x86)\forestfire.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-04-01 07:12	608768	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe  /AUTOHIDE [2012-12-8 1507328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTaskGrouping"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 18:29]
.
2013-06-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2013-07-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2012-02-17 04:47	130384	----a-w-	c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-04-01 07:12	739328	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-07-13 7464448]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-04-01 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\OODITRAY.EXE" [2012-02-17 3086672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=192.168.222.1:3128;https=192.168.222.1:3128;ftp=192.168.222.1:3128;socks=192.168.222.1:1080
uInternet Settings,ProxyOverride = localhost;192.168.*;*.friebelnet.local;<local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: feed-the-beast.com
Trusted Zone: no-ip.org\kfafsp
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.4.1
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NokiaSuite.exe - c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-50821740.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-02  18:28:10
ComboFix-quarantined-files.txt  2013-07-02 16:28
.
Vor Suchlauf: 17 Verzeichnis(se), 51.058.110.464 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 51.370.815.488 Bytes frei
.
- - End Of File - - 67E6262289717E89182A6513DD547A31
         
--- --- --- D41D8CD98F00B204E9800998ECF8427E
I'm going to restart now. It was quite hard to get Avira turned off, but it worked in safe mode.


02.07.2013, 18:30   #6
schrauber
/// the machine
/// TB instructor

Please run ComboFix again. All tools must be run from the desktop, with administrator rights, and in normal mode.

For Avira, simply right-click the umbrella icon and deactivate it.

02.07.2013, 18:49   #7
KFAF

Combofix Logfile:
Code:
ComboFix 13-07-02.03 - *** 02.07.2013  19:36:38.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8086.6555 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\rnaph.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-02 bis 2013-07-02  ))))))))))))))))))))))))))))))
.
.
2013-07-02 17:39 . 2013-07-02 17:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-07-02 17:39 . 2013-07-02 17:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-02 17:39 . 2013-07-02 17:39	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-07-02 15:27 . 2013-07-02 15:27	--------	d-----w-	C:\FRST
2013-07-02 14:08 . 2013-07-02 14:08	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-06-29 08:32 . 2013-06-29 08:32	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 08:32 . 2013-06-29 08:32	--------	d-----w-	c:\program files (x86)\Java
2013-06-29 04:19 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E84E36E9-7FDD-46CD-9A99-BE1C4B987102}\mpengine.dll
2013-06-21 17:19 . 2013-06-21 17:19	--------	d-----w-	c:\users\***\AppData\Roaming\Mael
2013-06-21 16:20 . 2013-06-21 16:20	--------	d-----w-	c:\program files (x86)\HxD
2013-06-20 12:29 . 2013-06-20 12:29	--------	d-----w-	c:\users\***\AppData\Roaming\.StarMade
2013-06-14 16:37 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-14 16:33 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-14 16:33 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-14 16:33 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-14 16:33 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-14 16:33 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-14 16:33 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-14 16:33 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-14 16:33 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-14 16:33 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-14 16:33 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-14 16:33 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-14 16:33 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-13 16:04 . 2012-11-21 17:03	--------	d-----w-	c:\users\***\AppData\Roaming\ftblauncher
2013-06-13 15:50 . 2013-06-13 16:00	--------	d-----w-	c:\users\***\AppData\Roaming\.minecraft
2013-06-13 15:49 . 2013-06-13 15:49	--------	d-----w-	c:\program files (x86)\FTBLauncher
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files\TortoiseSVN
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files\Common Files\TortoiseOverlays
2013-06-09 20:30 . 2013-06-09 20:30	--------	d-----w-	c:\program files (x86)\Common Files\TortoiseOverlays
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 08:32 . 2012-04-08 21:55	867240	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-06-29 08:32 . 2012-03-21 08:08	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-14 16:36 . 2012-04-08 23:33	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 18:29 . 2012-05-12 13:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 18:29 . 2012-03-21 07:51	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 16:43	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:43	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:43	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:43	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:43	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:43	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:08	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:44	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:44	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:42	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-07-15 18:36	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-15 11:24 . 2012-12-15 11:24	1011200	----a-w-	c:\program files (x86)\forestfire.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-04-01 07:12	608768	----a-w-	c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe  /AUTOHIDE [2012-12-8 1507328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"LogonType"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTaskGrouping"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys;c:\windows\SYSNATIVE\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys;c:\windows\SYSNATIVE\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 GatewayAgentService;O&O Gateway Agent Service;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe;c:\program files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 18:29]
.
2013-06-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2013-07-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2012-02-17 04:47	130384	----a-w-	c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-04-01 07:12	739328	----a-w-	c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-07-13 7464448]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2012-04-01 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"OODITRAY.EXE"="c:\program files\OO Software\DiskImage\OODITRAY.EXE" [2012-02-17 3086672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=192.168.222.1:3128;https=192.168.222.1:3128;ftp=192.168.222.1:3128;socks=192.168.222.1:1080
uInternet Settings,ProxyOverride = localhost;192.168.*;*.friebelnet.local;<local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: feed-the-beast.com
Trusted Zone: no-ip.org\kfafsp
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.4.1
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-02  19:46:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-02 17:46
ComboFix2.txt  2013-07-02 16:28
.
Vor Suchlauf: 19 Verzeichnis(se), 51.430.768.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 51.313.082.368 Bytes frei
.
- - End Of File - - 74CD7AEC6DD0E18D19957578CFF41CDC
         
--- --- ---


I had also disabled the Guard last time, but ComboFix still complained. That is why I tried it with the antivirus protection shut out completely.

Alt 02.07.2013, 18:53   #8
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No assistance via PM!

Alt 02.07.2013, 22:03   #9
KFAF
 

ADW Cleaner :

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 02/07/2013 um 19:59:19 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - LAP-PATRICIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [697 octets] - [02/07/2013 19:59:19]

########## EOF - C:\AdwCleaner[S1].txt - [756 octets] ##########
         
--- --- ---


JRT :
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 02.07.2013 at 20:04:21,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{396B5DD8-F016-4478-B676-BEF3D9D1C445}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2013 at 20:12:58,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET :
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d6185f03ce23e42a717c6daf33de5a7
# engine=14241
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 08:51:44
# local_time=2013-07-02 10:51:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1800 16775165 100 96 23580 238225157 16366 0
# compatibility_mode=5893 16776573 100 94 10289 124428154 0 0
# scanned=136131
# found=0
# cleaned=0
# scan_time=7677
         
SecurityCheck :

Does not run: UNSUPPORTED OPERATING SYSTEM!

FRST :

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by *** (administrator) on 02-07-2013 23:00:29
Running from C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(O&O Software GmbH) C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(O&O Software GmbH) C:\Program Files\OO Software\DiskImage\oodiag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6629480 2011-04-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7464448 2011-07-13] (Dell Inc.)
HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [159744 2012-04-01] (IvoSoft)
HKLM\...\Run: [OODITRAY.EXE] C:\Program Files\OO Software\DiskImage\OODITRAY.EXE [3086672 2012-02-17] (O&O Software GmbH)
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKU\Administrator\...\Policies\system: [SetVisualStyle] 
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [260416 2012-03-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-01] (NVIDIA Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

ProxyServer: http=192.168.222.1:3128;https=192.168.222.1:3128;ftp=192.168.222.1:3128;socks=192.168.222.1:1080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2200667B-2899-4DEB-A021-C918C6413D8D} URL = 
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [375760 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-16] (Avira Operations GmbH & Co. KG)
R2 GatewayAgentService; C:\Program Files (x86)\OO Software\Shared\GatewayAgent\ooemcgats.exe [316744 2011-03-11] (O&O Software GmbH)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 OO DiskImage; C:\Program Files\OO Software\DiskImage\oodiag.exe [4738384 2012-02-17] (O&O Software GmbH)
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [165456 2011-12-02] (Samsung Electronics)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-16] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-16] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69184 2011-09-05] (Fresco Logic)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-03-01] (NVIDIA Corporation)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [118000 2012-02-17] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [40688 2012-02-17] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [259312 2012-02-17] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44272 2012-02-17] (O&O Software GmbH)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 V2iMount; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 22:57 - 2013-07-02 22:57 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-07-02 22:57 - 2013-07-02 22:57 - 00000719 ____A C:\Users\***\Desktop\ESET.txt
2013-07-02 20:43 - 2013-07-02 20:44 - 00000000 ____D C:\Users\***\Desktop\erledigt
2013-07-02 20:42 - 2013-07-02 20:42 - 00000824 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-02 20:40 - 2013-07-02 20:41 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-02 20:12 - 2013-07-02 20:43 - 00000770 ____A C:\Users\***\Desktop\JRT.txt
2013-07-02 20:04 - 2013-07-02 20:04 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 20:04 - 2013-07-02 20:04 - 00000000 ____D C:\JRT
2013-07-02 20:03 - 2013-07-02 20:03 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-02 19:59 - 2013-07-02 19:59 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-02 19:59 - 2013-07-02 19:59 - 00000824 ____A C:\AdwCleaner[S1].txt
2013-07-02 19:46 - 2013-07-02 19:46 - 00037508 ____A C:\ComboFix.txt
2013-07-02 18:07 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 18:07 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 18:07 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-02 18:07 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 18:07 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 18:07 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 18:07 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 18:07 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-02 18:04 - 2013-07-02 19:46 - 00000000 ____D C:\Qoobox
2013-07-02 18:03 - 2013-07-02 19:39 - 00000000 ____D C:\Windows\erdnt
2013-07-02 17:27 - 2013-07-02 17:27 - 01933556 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-02 17:27 - 2013-07-02 17:27 - 00000000 ____D C:\FRST
2013-07-02 16:08 - 2013-07-02 16:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-29 10:32 - 2013-06-29 10:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-29 10:32 - 2013-06-29 10:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-29 10:31 - 2013-06-29 10:32 - 10886214 ____A C:\Users\***\Desktop\Samsung_Magician_Setup_v41.zip
2013-06-21 19:19 - 2013-06-21 19:19 - 00000000 ____D C:\Users\***\AppData\Roaming\Mael
2013-06-21 18:20 - 2013-06-21 18:20 - 00000000 ____D C:\Program Files (x86)\HxD
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____D C:\Users\***\AppData\Roaming\.StarMade
2013-06-14 18:37 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 18:34 - 2013-05-17 08:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 18:34 - 2013-05-17 08:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 18:34 - 2013-05-17 08:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 18:34 - 2013-05-17 08:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 18:34 - 2013-05-17 08:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 18:34 - 2013-05-16 20:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 18:34 - 2013-05-16 20:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 18:34 - 2013-05-16 20:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 18:34 - 2013-05-16 19:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 18:34 - 2013-05-16 18:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 18:34 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 18:34 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 18:34 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 18:34 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-14 18:34 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-14 18:34 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 18:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 18:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-14 18:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 18:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 18:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 18:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-14 18:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-14 18:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 18:04 - 2012-11-21 19:03 - 00000000 ____D C:\Users\***\AppData\Roaming\ftblauncher
2013-06-13 17:50 - 2013-06-13 18:00 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-06-13 17:49 - 2013-06-13 17:49 - 00000000 ____D C:\Program Files (x86)\FTBLauncher
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays

==================== One Month Modified Files and Folders =======

2013-07-02 22:57 - 2013-07-02 22:57 - 00890988 ____A C:\Users\***\Desktop\SecurityCheck.exe
2013-07-02 22:57 - 2013-07-02 22:57 - 00000719 ____A C:\Users\***\Desktop\ESET.txt
2013-07-02 22:29 - 2012-08-02 21:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 21:39 - 2012-03-21 03:43 - 02096842 ____A C:\Windows\WindowsUpdate.log
2013-07-02 20:44 - 2013-07-02 20:43 - 00000000 ____D C:\Users\***\Desktop\erledigt
2013-07-02 20:43 - 2013-07-02 20:12 - 00000770 ____A C:\Users\***\Desktop\JRT.txt
2013-07-02 20:42 - 2013-07-02 20:42 - 00000824 ____A C:\Users\***\Desktop\AdwCleaner[S1].txt
2013-07-02 20:41 - 2013-07-02 20:40 - 02347384 ____A (ESET) C:\Users\***\Desktop\esetsmartinstaller_enu.exe
2013-07-02 20:08 - 2009-07-14 06:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 20:08 - 2009-07-14 06:45 - 00021088 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 20:06 - 2010-11-21 08:50 - 05311326 ____A C:\Windows\System32\perfh007.dat
2013-07-02 20:06 - 2010-11-21 08:50 - 01625226 ____A C:\Windows\System32\perfc007.dat
2013-07-02 20:06 - 2009-07-14 07:13 - 00006500 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 20:04 - 2013-07-02 20:04 - 00000000 ____D C:\Windows\ERUNT
2013-07-02 20:04 - 2013-07-02 20:04 - 00000000 ____D C:\JRT
2013-07-02 20:03 - 2013-07-02 20:03 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\***\Desktop\JRT.exe
2013-07-02 20:00 - 2012-08-09 20:58 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-07-02 20:00 - 2012-03-21 03:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-02 20:00 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 20:00 - 2009-07-14 06:51 - 00091382 ____A C:\Windows\setupact.log
2013-07-02 19:59 - 2013-07-02 19:59 - 00648201 ____A C:\Users\***\Desktop\adwcleaner.exe
2013-07-02 19:59 - 2013-07-02 19:59 - 00000824 ____A C:\AdwCleaner[S1].txt
2013-07-02 19:46 - 2013-07-02 19:46 - 00037508 ____A C:\ComboFix.txt
2013-07-02 19:46 - 2013-07-02 18:04 - 00000000 ____D C:\Qoobox
2013-07-02 19:41 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 19:39 - 2013-07-02 18:03 - 00000000 ____D C:\Windows\erdnt
2013-07-02 19:39 - 2010-11-21 05:47 - 00105102 ____A C:\Windows\PFRO.log
2013-07-02 18:12 - 2012-08-05 17:20 - 00000000 ____D C:\Users\***\AppData\Local\TSVNCache
2013-07-02 17:27 - 2013-07-02 17:27 - 01933556 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-07-02 17:27 - 2013-07-02 17:27 - 00000000 ____D C:\FRST
2013-07-02 17:26 - 2013-05-12 21:41 - 00000000 ____D C:\INSTALL
2013-07-02 16:41 - 2012-03-21 10:36 - 00000000 ____D C:\ProgramData\Sonic
2013-07-02 16:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2013-07-02 16:08 - 2013-07-02 16:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-02 15:47 - 2012-07-15 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 18:42 - 2012-04-08 21:26 - 00000250 ___SH C:\Users\***\ntuser.ini
2013-06-30 18:39 - 2012-04-08 21:16 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl
2013-06-30 18:08 - 2012-04-08 21:26 - 00000000 ____D C:\users\***
2013-06-30 14:39 - 2012-12-26 01:30 - 00000000 ____D C:\Program Files (x86)\CCDev
2013-06-29 10:32 - 2013-06-29 10:32 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-29 10:32 - 2013-06-29 10:32 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-29 10:32 - 2013-06-29 10:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-29 10:32 - 2013-06-29 10:31 - 10886214 ____A C:\Users\***\Desktop\Samsung_Magician_Setup_v41.zip
2013-06-29 10:32 - 2012-04-08 23:55 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-29 10:32 - 2012-03-21 10:08 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-29 08:07 - 2012-08-09 20:58 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-06-25 23:55 - 2012-04-15 17:17 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-06-21 19:19 - 2013-06-21 19:19 - 00000000 ____D C:\Users\***\AppData\Roaming\Mael
2013-06-21 18:20 - 2013-06-21 18:20 - 00000000 ____D C:\Program Files (x86)\HxD
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____D C:\Users\***\AppData\Roaming\.StarMade
2013-06-15 12:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 18:36 - 2012-04-09 01:33 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 18:00 - 2013-06-13 17:50 - 00000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2013-06-13 17:49 - 2013-06-13 17:49 - 00000000 ____D C:\Program Files (x86)\FTBLauncher
2013-06-11 20:29 - 2012-05-12 15:55 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:29 - 2012-03-21 09:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\TortoiseSVN
2013-06-09 22:30 - 2013-06-09 22:30 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2013-06-08 20:57 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-25 22:12

==================== End Of Log ============================
         
--- --- ---


The scan took a while.

03.07.2013, 08:12   #10
schrauber
/// the machine
/// TB trainer



If you have no more problems, we are done.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

03.07.2013, 14:07   #11
KFAF



Hello again, for the last time,

I have handed the laptop back to its main user. Apparently no lasting damage remains, and all the tools have cleaned themselves up. Thank you once again for the very quick help with this problem. A donation to the board really does seem due.

Be that as it may, I will have to drum the surfing tips into *** once more (it should be clear who I mean). I would also have preferred to install a Mozilla browser, but it is not to be. If *** used the laptop more on the internal network, there would at least be additional protection from the proxy.

Many thanks, schrauber!
Kind regards
KFAF

03.07.2013, 14:12   #12
schrauber
/// the machine
/// TB trainer



You're welcome
