| |
| |||||||
Log-Analyse und Auswertung: Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.12.2011, 23:08
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.12.2011, 23:39
| #17 |
 | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hey,
__________________here you go: Code:
ATTFilter OTL logfile created on: 12/28/2011 11:20:37 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Blubb\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.87 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.62% Memory free 11.73 Gb Paging File | 9.64 Gb Available in Paging File | 82.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917.55 Gb Total Space | 724.29 Gb Free Space | 78.94% Space Free | Partition Type: NTFS Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS Drive E: | 677.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe PRC - [2011/12/10 12:53:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll MOD - [2011/10/13 08:01:38 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll MOD - [2011/10/13 08:01:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blubb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) O1 HOSTS File: ([2011/05/29 13:38:12 | 000,434,670 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14957 more lines... O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-FDPDN.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/28 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com [2011/12/28 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/12/28 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/12/28 16:25:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011/12/28 16:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files [2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6 [2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/12/26 23:11:00 | 000,000,000 | ---D | C] -- C:\Windows\de [2011/12/26 23:09:54 | 000,000,000 | ---D | C] -- C:\Windows\en [2011/12/26 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2011/12/26 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\Windows Live [2011/12/23 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/12/23 15:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/23 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe [2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon [2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/28 22:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job [2011/12/28 22:32:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job [2011/12/28 21:05:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/28 21:05:01 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/28 20:56:30 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/28 20:56:30 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/28 20:56:30 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/28 20:56:30 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/28 20:56:30 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/28 20:53:35 | 000,709,968 | ---- | M] () -- C:\Windows\is-FDPDN.exe [2011/12/28 20:53:35 | 000,012,782 | ---- | M] () -- C:\Windows\is-FDPDN.msg [2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/28 20:53:35 | 000,000,459 | ---- | M] () -- C:\Windows\is-FDPDN.lst [2011/12/28 20:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/28 20:50:31 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys [2011/12/28 20:50:05 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2011/12/28 19:55:21 | 000,001,810 | ---- | M] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011/12/28 16:28:51 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011/12/28 16:25:40 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk [2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk [2011/12/23 12:53:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe [2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable [2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/12/08 10:57:08 | 154,528,034 | ---- | M] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv [2011/12/06 02:04:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job [2011/12/02 23:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/28 20:53:35 | 000,709,968 | ---- | C] () -- C:\Windows\is-FDPDN.exe [2011/12/28 20:53:35 | 000,012,782 | ---- | C] () -- C:\Windows\is-FDPDN.msg [2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/28 20:53:35 | 000,000,459 | ---- | C] () -- C:\Windows\is-FDPDN.lst [2011/12/28 19:55:21 | 000,001,810 | ---- | C] () -- C:\Users\Blubb\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/12/28 19:04:05 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011/12/28 16:25:40 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk [2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk [2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk [2011/12/26 23:01:36 | 154,528,034 | ---- | C] () -- C:\Users\Blubb\Desktop\Oberstdorf-11-2011.wmv [2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable [2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG [2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011/12/02 23:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml [2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI [2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon [2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender [2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon [2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox [2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP [2011/12/28 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ [2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin [2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover [2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak [2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch [2011/12/28 22:32:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job [2011/12/28 22:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job [2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/09/30 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe [2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon [2011/07/25 21:35:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer [2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender [2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother [2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon [2011/12/07 19:11:43 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel [2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink [2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox [2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP [2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard [2011/12/23 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant [2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog [2011/12/23 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate [2011/12/28 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ [2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities [2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield [2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation [2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia [2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes [2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs [2011/12/23 11:12:28 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft [2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla [2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin [2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover [2011/12/22 01:03:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype [2011/12/28 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com [2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak [2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch [2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011/09/30 13:22:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Blubb\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009/06/25 15:06:52 | 000,001,024 | ---- | M] () MD5=231CD46A29C26A58BDE1C7146B702399 -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll [2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
29.12.2011, 00:26
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2010/03/12 07:05:38 | 001,377,656 | R--- | M] (Microsoft Corporation)
[2011/12/28 20:53:35 | 000,709,968 | ---- | C] () -- C:\Windows\is-FDPDN.exe
[2011/12/28 20:53:35 | 000,012,782 | ---- | C] () -- C:\Windows\is-FDPDN.msg
[2011/12/28 20:53:35 | 000,000,459 | ---- | C] () -- C:\Windows\is-FDPDN.lst
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
29.12.2011, 01:40
| #19 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtCode:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d32e8ecf-600d-11e0-99ba-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
File C:\Windows\is-FDPDN.exe not found.
File C:\Windows\is-FDPDN.msg not found.
File C:\Windows\is-FDPDN.lst not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Blubb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3016849692 bytes
->Java cache emptied: 756126 bytes
->Apple Safari cache emptied: 14491648 bytes
->Flash cache emptied: 58891 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 709968 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29605 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 7646970 bytes
Total Files Cleaned = 2,900.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_013307
Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Geändert von interaktion (29.12.2011 um 01:47 Uhr) |
|
29.12.2011, 01:50
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.12.2011, 14:31
| #21 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtCode:
ATTFilter 14:29:04.0565 3280 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:29:05.0181 3280 ============================================================
14:29:05.0181 3280 Current date / time: 2011/12/29 14:29:05.0181
14:29:05.0181 3280 SystemInfo:
14:29:05.0181 3280
14:29:05.0181 3280 OS Version: 6.1.7601 ServicePack: 1.0
14:29:05.0181 3280 Product type: Workstation
14:29:05.0182 3280 ComputerName: BLUBB-NEU
14:29:05.0182 3280 UserName: Blubb
14:29:05.0182 3280 Windows directory: C:\Windows
14:29:05.0182 3280 System windows directory: C:\Windows
14:29:05.0182 3280 Running under WOW64
14:29:05.0182 3280 Processor architecture: Intel x64
14:29:05.0182 3280 Number of processors: 4
14:29:05.0182 3280 Page size: 0x1000
14:29:05.0182 3280 Boot type: Normal boot
14:29:05.0182 3280 ============================================================
14:29:05.0490 3280 Initialize success
14:29:27.0536 5200 ============================================================
14:29:27.0536 5200 Scan started
14:29:27.0536 5200 Mode: Manual; SigCheck; TDLFS;
14:29:27.0537 5200 ============================================================
14:29:29.0012 5200 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:29:29.0121 5200 1394ohci - ok
14:29:29.0169 5200 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:29:29.0197 5200 ACPI - ok
14:29:29.0214 5200 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:29:29.0245 5200 AcpiPmi - ok
14:29:29.0337 5200 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:29:29.0373 5200 adp94xx - ok
14:29:29.0397 5200 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:29:29.0418 5200 adpahci - ok
14:29:29.0448 5200 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:29:29.0465 5200 adpu320 - ok
14:29:29.0526 5200 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:29:29.0577 5200 AFD - ok
14:29:29.0601 5200 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:29:29.0622 5200 agp440 - ok
14:29:29.0649 5200 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:29:29.0668 5200 aliide - ok
14:29:29.0697 5200 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:29:29.0710 5200 amdide - ok
14:29:29.0729 5200 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:29:29.0755 5200 AmdK8 - ok
14:29:29.0771 5200 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:29:29.0811 5200 AmdPPM - ok
14:29:29.0840 5200 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:29:29.0858 5200 amdsata - ok
14:29:29.0886 5200 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:29:29.0908 5200 amdsbs - ok
14:29:29.0934 5200 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:29:29.0942 5200 amdxata - ok
14:29:29.0986 5200 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:29:30.0053 5200 AppID - ok
14:29:30.0103 5200 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:29:30.0127 5200 arc - ok
14:29:30.0141 5200 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:29:30.0169 5200 arcsas - ok
14:29:30.0253 5200 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:29:30.0320 5200 AsyncMac - ok
14:29:30.0344 5200 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:29:30.0356 5200 atapi - ok
14:29:30.0388 5200 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:29:30.0426 5200 b06bdrv - ok
14:29:30.0472 5200 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:29:30.0523 5200 b57nd60a - ok
14:29:30.0573 5200 BDFM (f050e487a787239c182c279ca97e8cf4) C:\Windows\system32\DRIVERS\bdfm.sys
14:29:30.0610 5200 BDFM - ok
14:29:30.0628 5200 bdfsfltr (abd97bfb299713a51fe36aaab71f73a2) C:\Windows\system32\DRIVERS\bdfsfltr.sys
14:29:30.0643 5200 bdfsfltr - ok
14:29:30.0706 5200 bdfwfpf (1d634cdb4f742ac282d5265d46829ff6) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
14:29:30.0726 5200 bdfwfpf - ok
14:29:30.0753 5200 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:29:30.0828 5200 Beep - ok
14:29:30.0879 5200 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:29:30.0909 5200 blbdrive - ok
14:29:30.0973 5200 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:29:31.0007 5200 bowser - ok
14:29:31.0023 5200 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:29:31.0055 5200 BrFiltLo - ok
14:29:31.0076 5200 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:29:31.0093 5200 BrFiltUp - ok
14:29:31.0110 5200 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:29:31.0149 5200 Brserid - ok
14:29:31.0165 5200 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:29:31.0187 5200 BrSerWdm - ok
14:29:31.0206 5200 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:29:31.0241 5200 BrUsbMdm - ok
14:29:31.0258 5200 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:29:31.0286 5200 BrUsbSer - ok
14:29:31.0309 5200 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:29:31.0346 5200 BTHMODEM - ok
14:29:31.0366 5200 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:29:31.0402 5200 cdfs - ok
14:29:31.0440 5200 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:29:31.0507 5200 cdrom - ok
14:29:31.0551 5200 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:29:31.0604 5200 circlass - ok
14:29:31.0637 5200 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:29:31.0660 5200 CLFS - ok
14:29:31.0688 5200 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:31.0717 5200 CmBatt - ok
14:29:31.0749 5200 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:29:31.0770 5200 cmdide - ok
14:29:31.0808 5200 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:29:31.0842 5200 CNG - ok
14:29:31.0861 5200 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:29:31.0873 5200 Compbatt - ok
14:29:31.0902 5200 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:29:31.0945 5200 CompositeBus - ok
14:29:31.0978 5200 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:29:31.0993 5200 crcdisk - ok
14:29:32.0032 5200 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:29:32.0088 5200 DfsC - ok
14:29:32.0111 5200 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:29:32.0143 5200 discache - ok
14:29:32.0157 5200 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:29:32.0166 5200 Disk - ok
14:29:32.0188 5200 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:29:32.0204 5200 drmkaud - ok
14:29:32.0247 5200 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:29:32.0272 5200 DXGKrnl - ok
14:29:32.0348 5200 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:29:32.0470 5200 ebdrv - ok
14:29:32.0517 5200 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:29:32.0544 5200 elxstor - ok
14:29:32.0558 5200 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:29:32.0579 5200 ErrDev - ok
14:29:32.0600 5200 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:29:32.0641 5200 exfat - ok
14:29:32.0665 5200 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:29:32.0724 5200 fastfat - ok
14:29:32.0756 5200 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:29:32.0794 5200 fdc - ok
14:29:32.0818 5200 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:29:32.0829 5200 FileInfo - ok
14:29:32.0844 5200 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:29:32.0886 5200 Filetrace - ok
14:29:32.0905 5200 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:32.0919 5200 flpydisk - ok
14:29:32.0949 5200 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:29:32.0966 5200 FltMgr - ok
14:29:32.0980 5200 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:29:32.0992 5200 FsDepends - ok
14:29:33.0010 5200 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:29:33.0021 5200 Fs_Rec - ok
14:29:33.0058 5200 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:29:33.0075 5200 fvevol - ok
14:29:33.0097 5200 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:29:33.0112 5200 gagp30kx - ok
14:29:33.0145 5200 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:29:33.0151 5200 GEARAspiWDM - ok
14:29:33.0171 5200 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:29:33.0183 5200 hcw85cir - ok
14:29:33.0222 5200 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:29:33.0262 5200 HdAudAddService - ok
14:29:33.0284 5200 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:29:33.0327 5200 HDAudBus - ok
14:29:33.0364 5200 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:29:33.0383 5200 HECIx64 - ok
14:29:33.0402 5200 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:29:33.0430 5200 HidBatt - ok
14:29:33.0445 5200 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:29:33.0484 5200 HidBth - ok
14:29:33.0505 5200 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:29:33.0543 5200 HidIr - ok
14:29:33.0583 5200 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:29:33.0621 5200 HidUsb - ok
14:29:33.0677 5200 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:29:33.0693 5200 HpSAMD - ok
14:29:33.0726 5200 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:29:33.0781 5200 HTTP - ok
14:29:33.0807 5200 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:29:33.0817 5200 hwpolicy - ok
14:29:33.0863 5200 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:29:33.0880 5200 i8042prt - ok
14:29:33.0918 5200 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:29:33.0935 5200 iaStor - ok
14:29:33.0959 5200 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:29:33.0983 5200 iaStorV - ok
14:29:33.0997 5200 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:29:34.0008 5200 iirsp - ok
14:29:34.0084 5200 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:29:34.0157 5200 IntcAzAudAddService - ok
14:29:34.0183 5200 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:29:34.0204 5200 intelide - ok
14:29:34.0219 5200 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:29:34.0246 5200 intelppm - ok
14:29:34.0285 5200 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:34.0338 5200 IpFilterDriver - ok
14:29:34.0358 5200 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:29:34.0382 5200 IPMIDRV - ok
14:29:34.0403 5200 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:29:34.0459 5200 IPNAT - ok
14:29:34.0513 5200 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:29:34.0561 5200 IRENUM - ok
14:29:34.0580 5200 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:29:34.0592 5200 isapnp - ok
14:29:34.0615 5200 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:29:34.0635 5200 iScsiPrt - ok
14:29:34.0649 5200 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:34.0660 5200 kbdclass - ok
14:29:34.0685 5200 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:34.0713 5200 kbdhid - ok
14:29:34.0748 5200 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:29:34.0769 5200 KSecDD - ok
14:29:34.0801 5200 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:29:34.0817 5200 KSecPkg - ok
14:29:34.0833 5200 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:29:34.0889 5200 ksthunk - ok
14:29:34.0959 5200 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:29:34.0978 5200 Lbd - ok
14:29:35.0023 5200 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:35.0107 5200 lltdio - ok
14:29:35.0141 5200 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:29:35.0153 5200 LSI_FC - ok
14:29:35.0171 5200 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:29:35.0184 5200 LSI_SAS - ok
14:29:35.0205 5200 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:29:35.0217 5200 LSI_SAS2 - ok
14:29:35.0226 5200 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:29:35.0240 5200 LSI_SCSI - ok
14:29:35.0263 5200 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:29:35.0330 5200 luafv - ok
14:29:35.0360 5200 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:29:35.0370 5200 MBAMProtector - ok
14:29:35.0388 5200 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:29:35.0403 5200 megasas - ok
14:29:35.0433 5200 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:29:35.0465 5200 MegaSR - ok
14:29:35.0484 5200 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:29:35.0523 5200 Modem - ok
14:29:35.0536 5200 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:29:35.0583 5200 monitor - ok
14:29:35.0646 5200 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:29:35.0666 5200 mouclass - ok
14:29:35.0693 5200 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:35.0724 5200 mouhid - ok
14:29:35.0756 5200 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:29:35.0772 5200 mountmgr - ok
14:29:35.0795 5200 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:29:35.0814 5200 mpio - ok
14:29:35.0823 5200 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:29:35.0865 5200 mpsdrv - ok
14:29:35.0898 5200 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:29:35.0931 5200 MRxDAV - ok
14:29:35.0963 5200 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:35.0995 5200 mrxsmb - ok
14:29:36.0029 5200 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:36.0059 5200 mrxsmb10 - ok
14:29:36.0077 5200 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:36.0096 5200 mrxsmb20 - ok
14:29:36.0123 5200 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:29:36.0139 5200 msahci - ok
14:29:36.0160 5200 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:29:36.0178 5200 msdsm - ok
14:29:36.0199 5200 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:29:36.0236 5200 Msfs - ok
14:29:36.0262 5200 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:29:36.0314 5200 mshidkmdf - ok
14:29:36.0330 5200 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:29:36.0339 5200 msisadrv - ok
14:29:36.0365 5200 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:36.0408 5200 MSKSSRV - ok
14:29:36.0434 5200 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:36.0469 5200 MSPCLOCK - ok
14:29:36.0479 5200 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:29:36.0560 5200 MSPQM - ok
14:29:36.0587 5200 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:29:36.0603 5200 MsRPC - ok
14:29:36.0619 5200 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:29:36.0627 5200 mssmbios - ok
14:29:36.0640 5200 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:29:36.0683 5200 MSTEE - ok
14:29:36.0705 5200 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:29:36.0740 5200 MTConfig - ok
14:29:36.0758 5200 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:29:36.0769 5200 Mup - ok
14:29:36.0805 5200 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:36.0843 5200 NativeWifiP - ok
14:29:36.0905 5200 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:29:36.0946 5200 NDIS - ok
14:29:36.0977 5200 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:29:37.0018 5200 NdisCap - ok
14:29:37.0041 5200 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:37.0079 5200 NdisTapi - ok
14:29:37.0105 5200 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:37.0144 5200 Ndisuio - ok
14:29:37.0175 5200 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:37.0244 5200 NdisWan - ok
14:29:37.0281 5200 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:29:37.0330 5200 NDProxy - ok
14:29:37.0380 5200 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
14:29:37.0399 5200 Netaapl - ok
14:29:37.0415 5200 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:29:37.0473 5200 NetBIOS - ok
14:29:37.0498 5200 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:29:37.0548 5200 NetBT - ok
14:29:37.0584 5200 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:29:37.0596 5200 nfrd960 - ok
14:29:37.0625 5200 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:29:37.0662 5200 Npfs - ok
14:29:37.0675 5200 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:29:37.0720 5200 nsiproxy - ok
14:29:37.0767 5200 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:29:37.0819 5200 Ntfs - ok
14:29:37.0833 5200 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:29:37.0893 5200 Null - ok
14:29:37.0931 5200 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
14:29:37.0953 5200 NVHDA - ok
14:29:38.0132 5200 nvlddmkm (2f1bc5c1320b07a7480240c4ca6f6387) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:29:38.0291 5200 nvlddmkm - ok
14:29:38.0331 5200 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:29:38.0344 5200 nvraid - ok
14:29:38.0358 5200 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:29:38.0372 5200 nvstor - ok
14:29:38.0399 5200 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:29:38.0414 5200 nv_agp - ok
14:29:38.0433 5200 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:29:38.0451 5200 ohci1394 - ok
14:29:38.0502 5200 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:29:38.0520 5200 Parport - ok
14:29:38.0547 5200 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:29:38.0559 5200 partmgr - ok
14:29:38.0597 5200 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:29:38.0611 5200 pci - ok
14:29:38.0632 5200 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:29:38.0646 5200 pciide - ok
14:29:38.0661 5200 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:29:38.0696 5200 pcmcia - ok
14:29:38.0726 5200 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:29:38.0737 5200 pcw - ok
14:29:38.0761 5200 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:29:38.0816 5200 PEAUTH - ok
14:29:38.0861 5200 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:29:38.0897 5200 PptpMiniport - ok
14:29:38.0916 5200 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:29:38.0943 5200 Processor - ok
14:29:38.0973 5200 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:29:39.0022 5200 Psched - ok
14:29:39.0050 5200 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:29:39.0102 5200 ql2300 - ok
14:29:39.0119 5200 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:29:39.0133 5200 ql40xx - ok
14:29:39.0150 5200 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:29:39.0186 5200 QWAVEdrv - ok
14:29:39.0206 5200 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:29:39.0259 5200 RasAcd - ok
14:29:39.0294 5200 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:29:39.0333 5200 RasAgileVpn - ok
14:29:39.0370 5200 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:39.0442 5200 Rasl2tp - ok
14:29:39.0463 5200 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:39.0519 5200 RasPppoe - ok
14:29:39.0546 5200 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:29:39.0588 5200 RasSstp - ok
14:29:39.0619 5200 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:29:39.0660 5200 rdbss - ok
14:29:39.0689 5200 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:29:39.0718 5200 rdpbus - ok
14:29:39.0739 5200 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:39.0777 5200 RDPCDD - ok
14:29:39.0800 5200 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:29:39.0879 5200 RDPENCDD - ok
14:29:39.0902 5200 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:29:39.0937 5200 RDPREFMP - ok
14:29:39.0970 5200 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:29:40.0027 5200 RDPWD - ok
14:29:40.0062 5200 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:29:40.0090 5200 rdyboost - ok
14:29:40.0136 5200 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:29:40.0211 5200 rspndr - ok
14:29:40.0252 5200 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:29:40.0267 5200 RTL8167 - ok
14:29:40.0345 5200 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:29:40.0361 5200 SASDIFSV - ok
14:29:40.0374 5200 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:29:40.0388 5200 SASKUTIL - ok
14:29:40.0413 5200 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:29:40.0435 5200 sbp2port - ok
14:29:40.0464 5200 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:29:40.0502 5200 scfilter - ok
14:29:40.0526 5200 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:29:40.0568 5200 secdrv - ok
14:29:40.0588 5200 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:29:40.0602 5200 Serenum - ok
14:29:40.0620 5200 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:29:40.0635 5200 Serial - ok
14:29:40.0652 5200 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:29:40.0675 5200 sermouse - ok
14:29:40.0701 5200 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:29:40.0727 5200 sffdisk - ok
14:29:40.0759 5200 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:29:40.0790 5200 sffp_mmc - ok
14:29:40.0808 5200 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:29:40.0853 5200 sffp_sd - ok
14:29:40.0871 5200 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:29:40.0902 5200 sfloppy - ok
14:29:40.0933 5200 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:29:40.0948 5200 SiSRaid2 - ok
14:29:40.0963 5200 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:29:40.0979 5200 SiSRaid4 - ok
14:29:41.0007 5200 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:29:41.0058 5200 Smb - ok
14:29:41.0092 5200 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:29:41.0101 5200 spldr - ok
14:29:41.0129 5200 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:29:41.0150 5200 srv - ok
14:29:41.0179 5200 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:29:41.0211 5200 srv2 - ok
14:29:41.0237 5200 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:29:41.0270 5200 srvnet - ok
14:29:41.0299 5200 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:29:41.0313 5200 stexstor - ok
14:29:41.0345 5200 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:29:41.0359 5200 swenum - ok
14:29:41.0422 5200 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:29:41.0506 5200 Tcpip - ok
14:29:41.0572 5200 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:29:41.0621 5200 TCPIP6 - ok
14:29:41.0657 5200 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:29:41.0742 5200 tcpipreg - ok
14:29:41.0785 5200 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:29:41.0829 5200 TDPIPE - ok
14:29:41.0855 5200 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:29:41.0921 5200 TDTCP - ok
14:29:41.0962 5200 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:29:41.0996 5200 tdx - ok
14:29:42.0014 5200 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:29:42.0024 5200 TermDD - ok
14:29:42.0060 5200 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:42.0102 5200 tssecsrv - ok
14:29:42.0138 5200 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:29:42.0155 5200 TsUsbFlt - ok
14:29:42.0203 5200 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:29:42.0251 5200 tunnel - ok
14:29:42.0268 5200 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:29:42.0280 5200 uagp35 - ok
14:29:42.0319 5200 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:29:42.0375 5200 udfs - ok
14:29:42.0394 5200 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:29:42.0407 5200 uliagpkx - ok
14:29:42.0425 5200 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:29:42.0450 5200 umbus - ok
14:29:42.0469 5200 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:29:42.0496 5200 UmPass - ok
14:29:42.0545 5200 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:29:42.0577 5200 USBAAPL64 - ok
14:29:42.0600 5200 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:42.0632 5200 usbccgp - ok
14:29:42.0653 5200 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:29:42.0683 5200 usbcir - ok
14:29:42.0699 5200 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:29:42.0724 5200 usbehci - ok
14:29:42.0749 5200 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:29:42.0772 5200 usbhub - ok
14:29:42.0812 5200 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:29:42.0846 5200 usbohci - ok
14:29:42.0867 5200 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:29:42.0893 5200 usbprint - ok
14:29:42.0924 5200 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:29:42.0963 5200 usbscan - ok
14:29:42.0983 5200 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:42.0996 5200 USBSTOR - ok
14:29:43.0004 5200 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:29:43.0019 5200 usbuhci - ok
14:29:43.0053 5200 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:29:43.0071 5200 vdrvroot - ok
14:29:43.0096 5200 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:43.0123 5200 vga - ok
14:29:43.0145 5200 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:29:43.0188 5200 VgaSave - ok
14:29:43.0220 5200 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:29:43.0233 5200 vhdmp - ok
14:29:43.0250 5200 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:29:43.0260 5200 viaide - ok
14:29:43.0268 5200 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:29:43.0278 5200 volmgr - ok
14:29:43.0308 5200 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:29:43.0323 5200 volmgrx - ok
14:29:43.0341 5200 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:29:43.0356 5200 volsnap - ok
14:29:43.0381 5200 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:29:43.0399 5200 vsmraid - ok
14:29:43.0425 5200 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:29:43.0446 5200 vwifibus - ok
14:29:43.0469 5200 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:29:43.0495 5200 WacomPen - ok
14:29:43.0512 5200 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:43.0573 5200 WANARP - ok
14:29:43.0576 5200 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:43.0609 5200 Wanarpv6 - ok
14:29:43.0633 5200 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:29:43.0644 5200 Wd - ok
14:29:43.0673 5200 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:29:43.0694 5200 Wdf01000 - ok
14:29:43.0728 5200 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:29:43.0764 5200 WfpLwf - ok
14:29:43.0784 5200 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:29:43.0795 5200 WIMMount - ok
14:29:43.0850 5200 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:29:43.0882 5200 WinUsb - ok
14:29:43.0907 5200 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:29:43.0921 5200 WmiAcpi - ok
14:29:43.0940 5200 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:29:43.0996 5200 ws2ifsl - ok
14:29:44.0031 5200 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:29:44.0084 5200 WudfPf - ok
14:29:44.0094 5200 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:44.0133 5200 WUDFRd - ok
14:29:44.0168 5200 MBR (0x1B8) (0b4635f994e242ce8183dd05a7e028e5) \Device\Harddisk0\DR0
14:29:44.0349 5200 \Device\Harddisk0\DR0 - ok
14:29:44.0353 5200 Boot (0x1200) (827353e27a3c09c8d813aefbe632a082) \Device\Harddisk0\DR0\Partition0
14:29:44.0354 5200 \Device\Harddisk0\DR0\Partition0 - ok
14:29:44.0385 5200 Boot (0x1200) (ef9e8de7232a8495f564e9b20ad793ac) \Device\Harddisk0\DR0\Partition1
14:29:44.0386 5200 \Device\Harddisk0\DR0\Partition1 - ok
14:29:44.0411 5200 Boot (0x1200) (151b777de72af199f17c558e70697b3c) \Device\Harddisk0\DR0\Partition2
14:29:44.0412 5200 \Device\Harddisk0\DR0\Partition2 - ok
14:29:44.0414 5200 ============================================================
14:29:44.0414 5200 Scan finished
14:29:44.0414 5200 ============================================================
14:29:44.0430 5672 Detected object count: 0
14:29:44.0430 5672 Actual detected object count: 0
14:30:17.0624 1560 ============================================================
14:30:17.0624 1560 Scan started
14:30:17.0624 1560 Mode: Manual; SigCheck; TDLFS;
14:30:17.0624 1560 ============================================================
14:30:18.0672 1560 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:30:18.0706 1560 1394ohci - ok
14:30:18.0753 1560 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:30:18.0776 1560 ACPI - ok
14:30:18.0816 1560 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:30:18.0845 1560 AcpiPmi - ok
14:30:18.0888 1560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:30:18.0905 1560 adp94xx - ok
14:30:18.0940 1560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:30:18.0955 1560 adpahci - ok
14:30:18.0991 1560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:30:19.0008 1560 adpu320 - ok
14:30:19.0052 1560 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:30:19.0075 1560 AFD - ok
14:30:19.0111 1560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:30:19.0124 1560 agp440 - ok
14:30:19.0167 1560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:30:19.0177 1560 aliide - ok
14:30:19.0207 1560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:30:19.0217 1560 amdide - ok
14:30:19.0247 1560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:30:19.0262 1560 AmdK8 - ok
14:30:19.0314 1560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:30:19.0333 1560 AmdPPM - ok
14:30:19.0367 1560 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:30:19.0382 1560 amdsata - ok
14:30:19.0421 1560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:30:19.0444 1560 amdsbs - ok
14:30:19.0477 1560 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:30:19.0490 1560 amdxata - ok
14:30:19.0546 1560 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:30:19.0609 1560 AppID - ok
14:30:19.0638 1560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:30:19.0646 1560 arc - ok
14:30:19.0684 1560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:30:19.0704 1560 arcsas - ok
14:30:19.0730 1560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:30:19.0778 1560 AsyncMac - ok
14:30:19.0804 1560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:30:19.0825 1560 atapi - ok
14:30:19.0856 1560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:30:19.0871 1560 b06bdrv - ok
14:30:19.0890 1560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:30:19.0904 1560 b57nd60a - ok
14:30:19.0925 1560 BDFM (f050e487a787239c182c279ca97e8cf4) C:\Windows\system32\DRIVERS\bdfm.sys
14:30:19.0937 1560 BDFM - ok
14:30:19.0955 1560 bdfsfltr (abd97bfb299713a51fe36aaab71f73a2) C:\Windows\system32\DRIVERS\bdfsfltr.sys
14:30:19.0969 1560 bdfsfltr - ok
14:30:20.0033 1560 bdfwfpf (1d634cdb4f742ac282d5265d46829ff6) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys
14:30:20.0048 1560 bdfwfpf - ok
14:30:20.0063 1560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:30:20.0108 1560 Beep - ok
14:30:20.0123 1560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:30:20.0134 1560 blbdrive - ok
14:30:20.0175 1560 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:30:20.0197 1560 bowser - ok
14:30:20.0217 1560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:30:20.0232 1560 BrFiltLo - ok
14:30:20.0270 1560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:30:20.0283 1560 BrFiltUp - ok
14:30:20.0304 1560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:30:20.0318 1560 Brserid - ok
14:30:20.0334 1560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:30:20.0349 1560 BrSerWdm - ok
14:30:20.0366 1560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:30:20.0380 1560 BrUsbMdm - ok
14:30:20.0393 1560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:30:20.0405 1560 BrUsbSer - ok
14:30:20.0436 1560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:30:20.0453 1560 BTHMODEM - ok
14:30:20.0468 1560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:20.0499 1560 cdfs - ok
14:30:20.0534 1560 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:30:20.0547 1560 cdrom - ok
14:30:20.0569 1560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:30:20.0585 1560 circlass - ok
14:30:20.0613 1560 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:30:20.0630 1560 CLFS - ok
14:30:20.0657 1560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:20.0668 1560 CmBatt - ok
14:30:20.0727 1560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:30:20.0743 1560 cmdide - ok
14:30:20.0777 1560 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:30:20.0804 1560 CNG - ok
14:30:20.0821 1560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:20.0831 1560 Compbatt - ok
14:30:20.0846 1560 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:30:20.0863 1560 CompositeBus - ok
14:30:20.0889 1560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:30:20.0899 1560 crcdisk - ok
14:30:20.0934 1560 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:30:20.0975 1560 DfsC - ok
14:30:20.0988 1560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:30:21.0020 1560 discache - ok
14:30:21.0034 1560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:30:21.0043 1560 Disk - ok
14:30:21.0065 1560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:30:21.0079 1560 drmkaud - ok
14:30:21.0116 1560 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:21.0139 1560 DXGKrnl - ok
14:30:21.0210 1560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:30:21.0264 1560 ebdrv - ok
14:30:21.0302 1560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:30:21.0319 1560 elxstor - ok
14:30:21.0335 1560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:30:21.0348 1560 ErrDev - ok
14:30:21.0369 1560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:30:21.0408 1560 exfat - ok
14:30:21.0426 1560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:30:21.0459 1560 fastfat - ok
14:30:21.0484 1560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:30:21.0495 1560 fdc - ok
14:30:21.0521 1560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:30:21.0531 1560 FileInfo - ok
14:30:21.0547 1560 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:30:21.0584 1560 Filetrace - ok
14:30:21.0607 1560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:21.0620 1560 flpydisk - ok
14:30:21.0652 1560 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:30:21.0666 1560 FltMgr - ok
14:30:21.0683 1560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:30:21.0693 1560 FsDepends - ok
14:30:21.0705 1560 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:21.0715 1560 Fs_Rec - ok
14:30:21.0760 1560 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:30:21.0786 1560 fvevol - ok
14:30:21.0808 1560 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:21.0819 1560 gagp30kx - ok
14:30:21.0847 1560 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:30:21.0855 1560 GEARAspiWDM - ok
14:30:21.0873 1560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:30:21.0887 1560 hcw85cir - ok
14:30:21.0915 1560 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:30:21.0936 1560 HdAudAddService - ok
14:30:21.0953 1560 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:30:21.0967 1560 HDAudBus - ok
14:30:22.0000 1560 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:30:22.0015 1560 HECIx64 - ok
14:30:22.0030 1560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:22.0050 1560 HidBatt - ok
14:30:22.0065 1560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:30:22.0089 1560 HidBth - ok
14:30:22.0107 1560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:30:22.0123 1560 HidIr - ok
14:30:22.0144 1560 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:22.0158 1560 HidUsb - ok
14:30:22.0197 1560 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:30:22.0207 1560 HpSAMD - ok
14:30:22.0245 1560 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:30:22.0299 1560 HTTP - ok
14:30:22.0335 1560 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:30:22.0346 1560 hwpolicy - ok
14:30:22.0366 1560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:30:22.0383 1560 i8042prt - ok
14:30:22.0423 1560 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:30:22.0451 1560 iaStor - ok
14:30:22.0480 1560 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:30:22.0506 1560 iaStorV - ok
14:30:22.0524 1560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:30:22.0533 1560 iirsp - ok
14:30:22.0612 1560 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
14:30:22.0663 1560 IntcAzAudAddService - ok
14:30:22.0677 1560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:30:22.0684 1560 intelide - ok
14:30:22.0705 1560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:22.0717 1560 intelppm - ok
14:30:22.0763 1560 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:22.0812 1560 IpFilterDriver - ok
14:30:22.0828 1560 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:30:22.0838 1560 IPMIDRV - ok
14:30:22.0856 1560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:30:22.0890 1560 IPNAT - ok
14:30:22.0916 1560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:30:22.0930 1560 IRENUM - ok
14:30:22.0950 1560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:30:22.0958 1560 isapnp - ok
14:30:22.0993 1560 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:30:23.0006 1560 iScsiPrt - ok
14:30:23.0027 1560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:30:23.0037 1560 kbdclass - ok
14:30:23.0079 1560 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:30:23.0102 1560 kbdhid - ok
14:30:23.0118 1560 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:30:23.0136 1560 KSecDD - ok
14:30:23.0154 1560 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:30:23.0166 1560 KSecPkg - ok
14:30:23.0178 1560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:30:23.0221 1560 ksthunk - ok
14:30:23.0270 1560 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
14:30:23.0279 1560 Lbd - ok
14:30:23.0309 1560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:23.0348 1560 lltdio - ok
14:30:23.0377 1560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:30:23.0386 1560 LSI_FC - ok
14:30:23.0415 1560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:30:23.0425 1560 LSI_SAS - ok
14:30:23.0441 1560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:30:23.0451 1560 LSI_SAS2 - ok
14:30:23.0465 1560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:30:23.0476 1560 LSI_SCSI - ok
14:30:23.0491 1560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:30:23.0524 1560 luafv - ok
14:30:23.0546 1560 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:30:23.0555 1560 MBAMProtector - ok
14:30:23.0574 1560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:30:23.0583 1560 megasas - ok
14:30:23.0602 1560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:30:23.0615 1560 MegaSR - ok
14:30:23.0629 1560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:30:23.0669 1560 Modem - ok
14:30:23.0690 1560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:30:23.0702 1560 monitor - ok
14:30:23.0732 1560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:30:23.0748 1560 mouclass - ok
14:30:23.0763 1560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:23.0777 1560 mouhid - ok
14:30:23.0809 1560 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:30:23.0822 1560 mountmgr - ok
14:30:23.0857 1560 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:30:23.0879 1560 mpio - ok
14:30:23.0889 1560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:30:23.0926 1560 mpsdrv - ok
14:30:23.0943 1560 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:30:23.0960 1560 MRxDAV - ok
14:30:23.0991 1560 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:24.0004 1560 mrxsmb - ok
14:30:24.0041 1560 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:24.0067 1560 mrxsmb10 - ok
14:30:24.0097 1560 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:24.0115 1560 mrxsmb20 - ok
14:30:24.0134 1560 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:30:24.0144 1560 msahci - ok
14:30:24.0188 1560 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:30:24.0209 1560 msdsm - ok
14:30:24.0235 1560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:30:24.0280 1560 Msfs - ok
14:30:24.0307 1560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:30:24.0337 1560 mshidkmdf - ok
14:30:24.0350 1560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:30:24.0358 1560 msisadrv - ok
14:30:24.0385 1560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:24.0418 1560 MSKSSRV - ok
14:30:24.0437 1560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:24.0469 1560 MSPCLOCK - ok
14:30:24.0482 1560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:30:24.0514 1560 MSPQM - ok
14:30:24.0540 1560 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:30:24.0552 1560 MsRPC - ok
14:30:24.0589 1560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:30:24.0598 1560 mssmbios - ok
14:30:24.0619 1560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:30:24.0660 1560 MSTEE - ok
14:30:24.0675 1560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:30:24.0686 1560 MTConfig - ok
14:30:24.0703 1560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:30:24.0713 1560 Mup - ok
14:30:24.0759 1560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:24.0792 1560 NativeWifiP - ok
14:30:24.0831 1560 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:30:24.0858 1560 NDIS - ok
14:30:24.0880 1560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:24.0918 1560 NdisCap - ok
14:30:24.0936 1560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:24.0967 1560 NdisTapi - ok
14:30:24.0990 1560 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:25.0024 1560 Ndisuio - ok
14:30:25.0052 1560 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:25.0090 1560 NdisWan - ok
14:30:25.0117 1560 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:30:25.0149 1560 NDProxy - ok
14:30:25.0174 1560 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
14:30:25.0185 1560 Netaapl - ok
14:30:25.0201 1560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:30:25.0238 1560 NetBIOS - ok
14:30:25.0258 1560 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:30:25.0293 1560 NetBT - ok
14:30:25.0320 1560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:25.0328 1560 nfrd960 - ok
14:30:25.0360 1560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:30:25.0392 1560 Npfs - ok
14:30:25.0402 1560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:30:25.0435 1560 nsiproxy - ok
14:30:25.0502 1560 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:30:25.0549 1560 Ntfs - ok
14:30:25.0560 1560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:30:25.0594 1560 Null - ok
14:30:25.0625 1560 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
14:30:25.0643 1560 NVHDA - ok
14:30:25.0834 1560 nvlddmkm (2f1bc5c1320b07a7480240c4ca6f6387) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:30:25.0994 1560 nvlddmkm - ok
14:30:26.0034 1560 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:30:26.0042 1560 nvraid - ok
14:30:26.0060 1560 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:30:26.0069 1560 nvstor - ok
14:30:26.0093 1560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:30:26.0103 1560 nv_agp - ok
14:30:26.0152 1560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:30:26.0175 1560 ohci1394 - ok
14:30:26.0205 1560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:30:26.0218 1560 Parport - ok
14:30:26.0250 1560 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:30:26.0265 1560 partmgr - ok
14:30:26.0283 1560 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:30:26.0297 1560 pci - ok
14:30:26.0318 1560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:30:26.0329 1560 pciide - ok
14:30:26.0364 1560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:26.0378 1560 pcmcia - ok
14:30:26.0395 1560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:26.0406 1560 pcw - ok
14:30:26.0447 1560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:26.0501 1560 PEAUTH - ok
14:30:26.0539 1560 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:26.0570 1560 PptpMiniport - ok
14:30:26.0593 1560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:30:26.0605 1560 Processor - ok
14:30:26.0635 1560 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:30:26.0668 1560 Psched - ok
14:30:26.0718 1560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:30:26.0775 1560 ql2300 - ok
14:30:26.0788 1560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:26.0799 1560 ql40xx - ok
14:30:26.0819 1560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:26.0835 1560 QWAVEdrv - ok
14:30:26.0850 1560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:26.0882 1560 RasAcd - ok
14:30:26.0913 1560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:26.0972 1560 RasAgileVpn - ok
14:30:27.0006 1560 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:27.0057 1560 Rasl2tp - ok
14:30:27.0074 1560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:27.0105 1560 RasPppoe - ok
14:30:27.0124 1560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:27.0157 1560 RasSstp - ok
14:30:27.0188 1560 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:27.0225 1560 rdbss - ok
14:30:27.0241 1560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:27.0257 1560 rdpbus - ok
14:30:27.0276 1560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:27.0314 1560 RDPCDD - ok
14:30:27.0328 1560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:30:27.0365 1560 RDPENCDD - ok
14:30:27.0380 1560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:30:27.0411 1560 RDPREFMP - ok
14:30:27.0439 1560 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:30:27.0475 1560 RDPWD - ok
14:30:27.0506 1560 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:30:27.0516 1560 rdyboost - ok
14:30:27.0539 1560 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:27.0574 1560 rspndr - ok
14:30:27.0622 1560 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:30:27.0646 1560 RTL8167 - ok
14:30:27.0707 1560 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:30:27.0720 1560 SASDIFSV - ok
14:30:27.0727 1560 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:30:27.0739 1560 SASKUTIL - ok
14:30:27.0782 1560 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:30:27.0802 1560 sbp2port - ok
14:30:27.0834 1560 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:30:27.0871 1560 scfilter - ok
14:30:27.0888 1560 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:30:27.0927 1560 secdrv - ok
14:30:27.0949 1560 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:30:27.0960 1560 Serenum - ok
14:30:27.0989 1560 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:30:28.0003 1560 Serial - ok
14:30:28.0030 1560 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:30:28.0043 1560 sermouse - ok
14:30:28.0062 1560 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:30:28.0073 1560 sffdisk - ok
14:30:28.0087 1560 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:28.0098 1560 sffp_mmc - ok
14:30:28.0119 1560 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:30:28.0135 1560 sffp_sd - ok
14:30:28.0149 1560 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:28.0162 1560 sfloppy - ok
14:30:28.0195 1560 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:28.0205 1560 SiSRaid2 - ok
14:30:28.0225 1560 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:28.0234 1560 SiSRaid4 - ok
14:30:28.0260 1560 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:30:28.0303 1560 Smb - ok
14:30:28.0328 1560 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:30:28.0339 1560 spldr - ok
14:30:28.0373 1560 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:30:28.0392 1560 srv - ok
14:30:28.0424 1560 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:30:28.0442 1560 srv2 - ok
14:30:28.0465 1560 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:28.0482 1560 srvnet - ok
14:30:28.0502 1560 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:30:28.0513 1560 stexstor - ok
14:30:28.0532 1560 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:30:28.0543 1560 swenum - ok
14:30:28.0608 1560 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:30:28.0657 1560 Tcpip - ok
14:30:28.0692 1560 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:28.0726 1560 TCPIP6 - ok
14:30:28.0760 1560 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:30:28.0793 1560 tcpipreg - ok
14:30:28.0813 1560 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:30:28.0844 1560 TDPIPE - ok
14:30:28.0858 1560 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:30:28.0891 1560 TDTCP - ok
14:30:28.0932 1560 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:30:28.0985 1560 tdx - ok
14:30:29.0001 1560 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:30:29.0013 1560 TermDD - ok
14:30:29.0055 1560 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:29.0100 1560 tssecsrv - ok
14:30:29.0133 1560 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:30:29.0154 1560 TsUsbFlt - ok
14:30:29.0173 1560 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:29.0208 1560 tunnel - ok
14:30:29.0230 1560 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:30:29.0239 1560 uagp35 - ok
14:30:29.0299 1560 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:30:29.0376 1560 udfs - ok
14:30:29.0405 1560 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:30:29.0423 1560 uliagpkx - ok
14:30:29.0445 1560 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:30:29.0461 1560 umbus - ok
14:30:29.0481 1560 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:30:29.0495 1560 UmPass - ok
14:30:29.0533 1560 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:30:29.0545 1560 USBAAPL64 - ok
14:30:29.0562 1560 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:29.0577 1560 usbccgp - ok
14:30:29.0607 1560 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:30:29.0628 1560 usbcir - ok
14:30:29.0653 1560 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:30:29.0664 1560 usbehci - ok
14:30:29.0678 1560 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:29.0693 1560 usbhub - ok
14:30:29.0708 1560 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:30:29.0721 1560 usbohci - ok
14:30:29.0747 1560 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:30:29.0762 1560 usbprint - ok
14:30:29.0786 1560 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:30:29.0803 1560 usbscan - ok
14:30:29.0829 1560 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:29.0842 1560 USBSTOR - ok
14:30:29.0863 1560 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:30:29.0876 1560 usbuhci - ok
14:30:29.0899 1560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:30:29.0911 1560 vdrvroot - ok
14:30:29.0934 1560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:29.0952 1560 vga - ok
14:30:29.0975 1560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:30:30.0016 1560 VgaSave - ok
14:30:30.0033 1560 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:30:30.0043 1560 vhdmp - ok
14:30:30.0062 1560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:30:30.0071 1560 viaide - ok
14:30:30.0092 1560 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:30:30.0102 1560 volmgr - ok
14:30:30.0137 1560 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:30:30.0151 1560 volmgrx - ok
14:30:30.0170 1560 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:30:30.0183 1560 volsnap - ok
14:30:30.0202 1560 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:30.0214 1560 vsmraid - ok
14:30:30.0229 1560 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:30:30.0245 1560 vwifibus - ok
14:30:30.0273 1560 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:30:30.0284 1560 WacomPen - ok
14:30:30.0308 1560 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:30.0343 1560 WANARP - ok
14:30:30.0349 1560 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:30.0379 1560 Wanarpv6 - ok
14:30:30.0413 1560 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:30:30.0421 1560 Wd - ok
14:30:30.0463 1560 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:30:30.0493 1560 Wdf01000 - ok
14:30:30.0525 1560 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:30:30.0564 1560 WfpLwf - ok
14:30:30.0580 1560 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:30:30.0588 1560 WIMMount - ok
14:30:30.0622 1560 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:30:30.0635 1560 WinUsb - ok
14:30:30.0653 1560 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:30:30.0663 1560 WmiAcpi - ok
14:30:30.0688 1560 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:30:30.0722 1560 ws2ifsl - ok
14:30:30.0760 1560 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:30:30.0795 1560 WudfPf - ok
14:30:30.0805 1560 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:30:30.0837 1560 WUDFRd - ok
14:30:30.0856 1560 MBR (0x1B8) (0b4635f994e242ce8183dd05a7e028e5) \Device\Harddisk0\DR0
14:30:31.0034 1560 \Device\Harddisk0\DR0 - ok
14:30:31.0038 1560 Boot (0x1200) (827353e27a3c09c8d813aefbe632a082) \Device\Harddisk0\DR0\Partition0
14:30:31.0039 1560 \Device\Harddisk0\DR0\Partition0 - ok
14:30:31.0073 1560 Boot (0x1200) (ef9e8de7232a8495f564e9b20ad793ac) \Device\Harddisk0\DR0\Partition1
14:30:31.0074 1560 \Device\Harddisk0\DR0\Partition1 - ok
14:30:31.0099 1560 Boot (0x1200) (151b777de72af199f17c558e70697b3c) \Device\Harddisk0\DR0\Partition2
14:30:31.0100 1560 \Device\Harddisk0\DR0\Partition2 - ok
14:30:31.0101 1560 ============================================================
14:30:31.0101 1560 Scan finished
14:30:31.0101 1560 ============================================================
14:30:31.0113 1564 Detected object count: 0
14:30:31.0113 1564 Actual detected object count: 0
Sehr geehrt xxxxxx vielen Dank für Ihre Mitteilung bzgl. der Trojaner-Software, die anscheinend aus den IP-Bereichen 82.98.97.176/28 und 82.98.97.192/28 verteilt wird. Wir haben unseren direkten Kunden informiert und ihn gebeten, seinerseits seinen Endkunden (Consumer Benefit) zu veranlassen, so schnell wie möglich geeignete Maßnahmen zu ergreifen. Mit freundlichen Grüßen xxxxx (um den armen Mann ein wenig zu schützen ;D) Zumindest seit ich heute den PC anschaltete, trat die Meldung nicht mehr auf... Aber who knows. Geändert von interaktion (29.12.2011 um 14:42 Uhr) |
|
29.12.2011, 16:49
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.12.2011, 17:40
| #23 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtCode:
ATTFilter ComboFix 11-12-29.04 - Blubb 29.12.2011 17:13:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6007.4082 [GMT 1:00]
ausgeführt von:: c:\users\Blubb\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: BitDefender AntiSpyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 ))))))))))))))))))))))))))))))
.
.
2011-12-29 16:17 . 2011-12-29 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-29 00:33 . 2011-12-29 00:33 -------- d-----w- C:\_OTL
2011-12-28 18:55 . 2011-12-28 18:55 -------- d-----w- c:\users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
2011-12-28 18:55 . 2011-12-28 18:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-28 18:55 . 2011-12-28 18:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-28 18:04 . 2011-12-28 15:28 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-28 15:25 . 2011-10-28 18:35 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-28 15:25 . 2011-12-28 15:25 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-27 16:19 . 2011-12-29 13:13 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEF6ADA9-BFB7-4CAC-80D4-648757204F94}\offreg.dll
2011-12-27 16:19 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEF6ADA9-BFB7-4CAC-80D4-648757204F94}\mpengine.dll
2011-12-27 01:18 . 2011-12-27 01:32 -------- d-----w- c:\users\Blubb\AppData\Local\WMTools Downloaded Files
2011-12-27 00:40 . 2011-12-27 00:40 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-27 00:40 . 2011-12-27 00:40 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-12-27 00:39 . 2011-12-27 00:39 -------- d-----r- C:\MSOCache
2011-12-26 23:51 . 2011-12-26 23:51 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2011-12-26 23:47 . 2011-12-26 23:47 -------- d-----w- c:\windows\PCHEALTH
2011-12-26 22:11 . 2011-12-26 22:11 -------- d-----w- c:\windows\de
2011-12-26 22:09 . 2011-12-26 22:09 -------- d-----w- c:\windows\en
2011-12-26 22:07 . 2011-12-26 22:07 -------- d-----w- c:\program files\Windows Live
2011-12-26 22:06 . 2011-12-26 22:06 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-26 22:03 . 2011-12-26 22:03 -------- d-----w- c:\users\Blubb\AppData\Local\Windows Live
2011-12-23 19:38 . 2011-12-23 19:38 -------- d-----w- c:\program files (x86)\ESET
2011-12-23 14:23 . 2011-12-28 22:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-14 23:34 . 2011-11-04 01:53 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 23:34 . 2011-11-04 01:44 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 23:34 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 23:34 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 23:34 . 2011-11-04 01:48 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-14 23:34 . 2011-11-03 22:42 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2011-12-14 23:33 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 23:33 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 23:31 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 23:31 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 23:31 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 23:31 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-12 16:15 . 2011-12-12 16:15 -------- d--h--w- c:\programdata\CanonIJScan
2011-12-12 16:15 . 2011-12-12 16:27 -------- d-----w- c:\users\Blubb\AppData\Roaming\Canon
2011-12-08 20:31 . 2011-12-08 20:31 -------- d-----r- c:\program files (x86)\Skype
2011-12-08 20:15 . 2011-12-08 20:15 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 15:28 . 2011-05-29 02:41 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-10 14:24 . 2011-05-30 01:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 11:53 . 2011-05-20 18:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-08 20:15 . 2011-05-19 19:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Facebook Update"="c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-20 28651144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-05-19 89680]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-28 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job
- c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:27]
.
2011-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job
- c:\users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 20:27]
.
2011-12-06 c:\windows\Tasks\HPCeeScheduleForBLUBB-NEU$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-12-23 c:\windows\Tasks\HPCeeScheduleForBlubb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"Corel Photo Downloader"="c:\program files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 462336]
"BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-05-19 1699152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-29 17:23:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-29 16:23
.
Vor Suchlauf: 14 Verzeichnis(se), 780.469.669.888 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 779.842.330.624 Bytes frei
.
- - End Of File - - D2492D13DC426778D1676991F217061F
|
|
29.12.2011, 22:52
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.12.2011, 23:43
| #25 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtCode:
ATTFilter aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-29 23:30:33
-----------------------------
23:30:33.701 OS Version: Windows x64 6.1.7601 Service Pack 1
23:30:33.701 Number of processors: 4 586 0x2505
23:30:33.702 ComputerName: BLUBB-NEU UserName: Blubb
23:30:35.532 Initialize success
23:31:48.767 AVAST engine defs: 11122900
23:31:55.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:31:55.097 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
23:31:55.116 Disk 0 MBR read successfully
23:31:55.119 Disk 0 MBR scan
23:31:55.126 Disk 0 unknown MBR code
23:31:55.138 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:31:55.157 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939569 MB offset 206848
23:31:55.191 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14198 MB offset 1924444160
23:31:55.202 Service scanning
23:31:58.490 Modules scanning
23:31:58.498 Disk 0 trace - called modules:
23:31:58.520 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:31:58.526 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006346060]
23:31:58.534 3 CLASSPNP.SYS[fffff88001b6743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006082050]
23:32:02.681 AVAST engine scan C:\Windows
23:32:05.502 AVAST engine scan C:\Windows\system32
23:33:45.705 AVAST engine scan C:\Windows\system32\drivers
23:33:59.876 AVAST engine scan C:\Users\Blubb
23:39:20.320 AVAST engine scan C:\ProgramData
23:41:07.483 Scan finished successfully
23:41:43.443 Disk 0 MBR has been saved successfully to "C:\Users\Blubb\Desktop\MBR.dat"
23:41:43.448 The log file has been saved successfully to "C:\Users\Blubb\Desktop\aswMBR.txt"
|
|
30.12.2011, 00:44
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2011, 02:16
| #27 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hab ich gemacht! |
|
30.12.2011, 14:29
| #28 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Log: Code:
ATTFilter aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 14:14:52
-----------------------------
14:14:52.817 OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:52.817 Number of processors: 4 586 0x2505
14:14:52.817 ComputerName: BLUBB-NEU UserName: Blubb
14:14:57.771 Initialize success
14:15:02.471 AVAST engine defs: 11122900
14:15:05.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:15:05.982 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 8
14:15:05.998 Disk 0 MBR read successfully
14:15:06.001 Disk 0 MBR scan
14:15:06.088 Disk 0 Windows 7 default MBR code
14:15:06.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:15:06.122 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 939569 MB offset 206848
14:15:06.165 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14198 MB offset 1924444160
14:15:06.177 Service scanning
14:15:09.389 Modules scanning
14:15:09.396 Disk 0 trace - called modules:
14:15:09.427 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:15:09.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800631d060]
14:15:09.767 3 CLASSPNP.SYS[fffff88001bb143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f93050]
14:15:14.813 AVAST engine scan C:\Windows
14:15:23.112 AVAST engine scan C:\Windows\system32
14:17:48.604 AVAST engine scan C:\Windows\system32\drivers
14:18:02.951 AVAST engine scan C:\Users\Blubb
14:24:26.630 AVAST engine scan C:\ProgramData
14:26:34.787 Scan finished successfully
14:27:06.260 Disk 0 MBR has been saved successfully to "C:\Users\Blubb\Desktop\MBR.dat"
14:27:06.318 The log file has been saved successfully to "C:\Users\Blubb\Desktop\aswMBR.txt"
 |
|
30.12.2011, 19:22
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.12.2011, 22:17
| #30 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtCode:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/30/2011 at 10:13 PM
Application Version : 5.0.1142
Core Rules Database Version : 8091
Trace Rules Database Version: 5903
Scan type : Complete Scan
Total Scan Time : 00:48:40
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 723
Memory threats detected : 0
Registry items scanned : 71987
Registry threats detected : 0
File items scanned : 80832
File threats detected : 29
Adware.Tracking Cookie
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\D8Y68F7G.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\9K9GA0SL.txt [ /zanox.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\BYSCBBI6.txt [ /accounts.google.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\00I7BY8C.txt [ /tracking.quisma.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\QEMFYW3D.txt [ /ads.creative-serving.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\Y139VXEL.txt [ /a.revenuemax.de ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\LUHS80FO.txt [ /ad.yieldmanager.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\WT7PD2T1.txt [ /ad.zanox.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\OC03I18N.txt [ /serving-sys.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\MYYLPS6P.txt [ /adfarm1.adition.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\WZ40ERST.txt [ /media6degrees.com ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\TC5FKEXI.txt [ /ad3.adfarm1.adition.com ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\XCKH28B5.txt [ Cookie:blubb@ad2.adfarm1.adition.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\0NU2XNDQ.txt [ Cookie:blubb@eas.apm.emediate.eu/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\N0GFU3RY.txt [ Cookie:blubb@zanox.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWF9TPBK.txt [ Cookie:blubb@ad.yieldmanager.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\JRCGUXM7.txt [ Cookie:blubb@ad.zanox.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\L7CLC6E8.txt [ Cookie:blubb@adfarm1.adition.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\COVWHO0I.txt [ Cookie:blubb@ad3.adfarm1.adition.com/ ]
C:\USERS\BLUBB\Cookies\D8Y68F7G.txt [ Cookie:blubb@ad2.adfarm1.adition.com/ ]
C:\USERS\BLUBB\Cookies\9K9GA0SL.txt [ Cookie:blubb@zanox.com/ ]
C:\USERS\BLUBB\Cookies\BYSCBBI6.txt [ Cookie:blubb@accounts.google.com/ ]
C:\USERS\BLUBB\Cookies\Y139VXEL.txt [ Cookie:blubb@a.revenuemax.de/ ]
C:\USERS\BLUBB\Cookies\LUHS80FO.txt [ Cookie:blubb@ad.yieldmanager.com/ ]
C:\USERS\BLUBB\Cookies\WT7PD2T1.txt [ Cookie:blubb@ad.zanox.com/ ]
C:\USERS\BLUBB\Cookies\OC03I18N.txt [ Cookie:blubb@serving-sys.com/ ]
C:\USERS\BLUBB\Cookies\MYYLPS6P.txt [ Cookie:blubb@adfarm1.adition.com/ ]
C:\USERS\BLUBB\Cookies\WZ40ERST.txt [ Cookie:blubb@media6degrees.com/ ]
C:\USERS\BLUBB\Cookies\TC5FKEXI.txt [ Cookie:blubb@ad3.adfarm1.adition.com/ ]
Naja, da wurde ja schon vorher nichts gefunden... :/ edit: Falscher Malware-Log, kommt gleich der Aktuelle, kanns nur grade nich starten wegen ESET ;D Geändert von interaktion (30.12.2011 um 22:31 Uhr) |
|
| Themen zu Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht |
| 64-bit, adobe, autorun, benutzerregistrierung, blockiert, bonjour, c:\windows\system32\rundll32.exe, canon, defender, diner dash, downloader, error, explorer, fehler, format, helper, home, install.exe, limited.com/facebook, logfile, microsoft office word, object, office 2007, origin, plug-in, problem, realtek, registry, scan, senden, server, services.exe, software, starten, symantec, trojan.generic., version=1.0, webcheck, weißes fenster, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
