Browsers no longer start, Google sends me to the wrong pages

Hello, I have two problems. The bigger of the two: since today my PC no longer opens any browser. I normally use Firefox (current version). I also tried Internet Explorer, and I still have Chrome installed. When I try to start the respective exe, my PC loads briefly and nothing opens at all (nothing shows up in Task Manager either). I use Windows 7 on a 64-bit system. Other programs seem to work normally.

My second problem (which of course is moot at the moment without a browser) is that a Google search always sends me to the wrong pages. If I then press the "Back" button several times, I usually end up on the page I actually selected.

I use the Comodo firewall + virus scanner. A virus scan found nothing. A run with Malwarebytes found nothing this time. I have had virus/malware problems in the past, but those two programs were able to remove them.

Here are the OTL logs:

Code:
OTL logfile created on: 21.01.2012 17:45:25 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,80% Memory free
7,99 Gb Paging File | 6,12 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,17 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 44,33 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive E: | 166,02 Gb Total Space | 29,27 Gb Free Space | 17,63% Space Free | Partition Type: NTFS
Drive F: | 104,43 Gb Total Space | 37,64 Gb Free Space | 36,05% Space Free | Partition Type: NTFS
Drive H: | 3,91 Gb Total Space | 3,83 Gb Free Space | 98,00% Space Free | Partition Type: FAT32

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - F:\poker\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - F:\poker\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (postgresql-8.4) -- F:\poker\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys 
(Microsoft Corporation) DRV:64bit: - (XENfiltv) -- C:\Windows\SysNative\drivers\XENfiltv.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 8B 12 10 59 D1 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62141 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: 
"Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: handfire@thehandconverter.com:0.1.5 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 62141 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.23 14:45:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.09 16:04:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.07 19:02:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.15 20:54:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 15:12:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.15 20:54:48 | 000,000,000 | ---D | M] [2010.04.01 06:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions [2010.04.01 06:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.01.10 20:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions [2011.06.12 14:27:55 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} 
[2012.01.05 01:39:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.04 14:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.10.15 18:46:25 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.04.25 20:54:40 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\battlefieldplay4free@ea.com [2011.04.21 01:55:55 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\bug489729@alice0775 [2010.04.07 19:16:34 | 000,000,000 | ---D | M] ("Handfire") -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\handfire@thehandconverter.com [2010.12.04 15:24:04 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\mfzfdpv8.default\extensions\vshare@toolbar [2012.01.01 18:36:36 | 000,002,391 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\askcom.xml [2012.01.17 15:44:15 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-1.xml [2010.11.27 00:00:16 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-10.xml [2010.12.13 01:29:21 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-11.xml [2011.03.03 22:07:03 | 000,000,950 | ---- | M] () -- 
C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-12.xml [2011.03.06 15:34:28 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-13.xml [2011.03.25 16:02:54 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-14.xml [2011.04.07 01:45:18 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-15.xml [2011.06.21 21:15:09 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-16.xml [2011.08.17 19:01:20 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-17.xml [2011.09.01 11:55:32 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-18.xml [2011.09.07 17:37:18 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-19.xml [2010.06.24 18:05:13 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-2.xml [2011.09.11 18:32:34 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-20.xml [2011.10.01 14:39:17 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-21.xml [2011.10.06 15:14:07 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-22.xml [2011.11.08 19:39:13 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-23.xml [2012.01.01 18:39:32 | 
000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-24.xml [2012.01.07 19:02:16 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-25.xml [2012.01.11 01:30:15 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-26.xml [2010.07.21 15:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-3.xml [2010.07.24 15:16:13 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-4.xml [2010.09.08 22:12:23 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-5.xml [2010.09.17 10:51:16 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-6.xml [2010.10.20 14:19:19 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-7.xml [2010.10.28 19:20:11 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-8.xml [2010.10.30 11:11:41 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin-9.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\icqplugin.xml [2011.06.13 12:32:41 | 000,002,062 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\qip-search.xml [2011.10.15 18:46:15 | 000,003,915 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\searchplugins\sweetim.xml [2012.01.11 
01:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.09 16:04:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT () (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFZFDPV8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFZFDPV8.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI () (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFZFDPV8.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2012.01.07 19:02:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.10.01 14:38:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.01 14:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.01 14:38:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.28 20:00:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011.10.01 14:38:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.01 14:38:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.01 14:38:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Remoting Viewer (Enabled) = 
internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: No name found = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- 
| M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [COMODO] C:\Programme\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO) O4 - HKLM..\Run: [CPA] C:\Programme\COMODO\COMODO GeekBuddy\VALA.exe (COMODO) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - e:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\poker\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\poker\PartyGaming\PartyPoker\RunApp.exe () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A25F6BA-D8E7-4EA0-9407-9F8E5E0EA8CA}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A25F6BA-D8E7-4EA0-9407-9F8E5E0EA8CA}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFBC0C73-8713-4369-8AD9-1C5E85151453}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts 
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {39574CB9-3CEB-BEED-8769-A82FA24D98F8} - Java (Sun) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - 
.NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - 
C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) MsConfig:64bit - StartUpReg: QIP Internet Guardian - hkey= - key= - C:\Users\Mark\AppData\Roaming\QipGuard\QipGuard.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RayV - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.01.21 17:04:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe [2012.01.21 17:04:22 | 015,134,848 | ---- | C] (Mozilla) -- C:\Users\Mark\Desktop\Firefox_Setup_9.0.1.exe [2012.01.21 16:43:23 | 000,401,720 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Mark\Desktop\HiJackThis.exe [2012.01.21 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.01.15 20:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.01.15 20:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.01.14 12:43:17 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.14 12:43:16 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.14 12:43:16 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.14 12:43:16 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.14 12:43:16 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.14 12:43:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.12 21:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs [2012.01.11 20:56:17 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 20:56:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 20:56:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 20:56:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 20:56:14 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.01.11 20:56:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.01.11 20:56:12 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 20:56:11 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 20:56:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\packager.dll [2012.01.11 16:54:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.11 16:54:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.01.11 16:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.01.11 16:42:21 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.01.11 16:42:21 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.01.11 16:42:21 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.01.11 16:42:21 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.01.11 12:34:47 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.01.11 01:42:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Sonstiges [2012.01.11 01:31:36 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.01.09 16:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.01.09 16:04:06 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012.01.09 16:03:52 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.01.09 16:03:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\Windows\SysWow64\pndx5032.dll [2012.01.09 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2012.01.09 16:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012.01.09 16:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012.01.09 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Real [2011.12.25 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Skyrim [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.21 17:44:44 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012.01.21 16:46:20 | 001,644,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.21 16:46:20 | 000,708,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.21 16:46:20 | 000,661,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.21 16:46:20 | 000,153,622 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.21 16:46:20 | 000,125,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.21 14:37:35 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.21 14:37:35 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.21 14:35:55 | 000,002,358 | ---- | M] () -- C:\Users\Mark\Desktop\Google Chrome.lnk [2012.01.21 12:17:01 | 000,001,138 | ---- | M] () -- C:\Users\Mark\Desktop\Mozilla Firefox.lnk [2012.01.21 12:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.21 12:14:37 | 3217,178,624 | -HS- | M] () -- C:\hiberfil.sys [2012.01.21 04:39:20 | 000,050,477 | ---- | M] () -- C:\Users\Mark\Desktop\Defogger.exe [2012.01.21 04:38:40 | 015,134,848 | ---- | M] (Mozilla) -- C:\Users\Mark\Desktop\Firefox_Setup_9.0.1.exe [2012.01.21 04:33:50 | 000,584,192 | ---- | M] (OldTimer Tools) 
-- C:\Users\Mark\Desktop\OTL.exe [2012.01.21 04:04:54 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mark\Desktop\HiJackThis.exe [2012.01.18 19:31:32 | 000,077,282 | ---- | M] () -- C:\Users\Mark\Desktop\12_Vorbereitung_Klausur_EinführWipäd_WS11_12.pdf [2012.01.15 20:54:49 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.11 19:19:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.01.11 18:15:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.11 16:42:04 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.01.11 16:42:04 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.01.11 16:42:04 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.01.11 16:42:04 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.01.11 16:42:04 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.01.09 16:04:35 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.01.09 16:04:06 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012.01.09 16:03:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.01.09 16:03:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\SysWow64\pndx5032.dll [2012.01.08 18:48:08 | 001,622,308 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.02 21:36:58 | 002,014,308 | ---- | M] () -- C:\Users\Mark\Desktop\0_EinführungWipäd_WS11_12.pdf [2011.12.28 23:50:05 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mark.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.21 17:04:16 | 000,050,477 | ---- | C] () -- C:\Users\Mark\Desktop\Defogger.exe [2012.01.21 14:33:29 | 000,002,358 | ---- | C] () -- C:\Users\Mark\Desktop\Google Chrome.lnk [2012.01.21 12:17:01 | 000,001,138 | ---- | C] () -- C:\Users\Mark\Desktop\Mozilla Firefox.lnk [2012.01.18 19:31:31 | 000,077,282 | ---- | C] () -- C:\Users\Mark\Desktop\12_Vorbereitung_Klausur_EinführWipäd_WS11_12.pdf [2012.01.15 20:54:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.15 20:54:49 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.11 18:15:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.09 16:04:35 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.01.02 21:36:56 | 002,014,308 | ---- | C] () -- C:\Users\Mark\Desktop\0_EinführungWipäd_WS11_12.pdf [2011.11.04 01:06:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.11.04 01:06:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.10 01:55:50 | 000,001,801 | ---- | C] () -- C:\Windows\XENcfg.ini [2011.08.10 01:55:48 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.08.10 01:55:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.08.04 12:52:26 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{CF698085-65E6-4531-95B8-E936CDB73A9A} [2011.06.13 01:04:32 | 000,000,092 | ---- | C] () -- 
C:\Users\Mark\AppData\Local\fusioncache.dat [2011.05.25 00:09:57 | 001,622,308 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2010.11.15 00:36:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.11.15 00:36:42 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.03 14:28:00 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.04.09 19:26:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.02 12:34:05 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2010.04.01 07:11:21 | 000,005,104 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda [2009.08.19 06:15:08 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.03.24 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft [2011.03.21 03:56:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft server [2011.11.05 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\29FB9 [2011.11.08 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\34B99 [2011.11.07 01:19:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\9976C [2011.05.05 16:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Canneverbe Limited [2011.01.08 04:11:50 | 000,000,000 | 
---D | M] -- C:\Users\Mark\AppData\Roaming\EBookSys [2011.06.17 15:59:35 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HLSW [2012.01.21 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ICQ [2011.07.20 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Intermedia Software [2011.07.24 13:19:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech [2011.05.23 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LolClient [2010.07.27 10:24:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org [2011.06.12 14:28:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\QIP [2011.06.12 14:28:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\QipGuard [2012.01.11 01:36:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RayV [2010.04.01 07:05:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Thunderbird [2011.12.08 18:59:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TS3Client [2011.07.20 00:54:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ts3overlay [2011.07.04 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Unity [2011.11.04 13:49:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.12.04 15:31:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.04.01 05:45:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.06.27 13:46:25 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.04.01 05:44:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.11 12:34:47 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.08.24 01:06:09 | 000,000,000 | ---D | M] -- C:\Intel [2012.01.11 01:31:56 | 000,000,000 | ---D | M] -- C:\Nexon [2010.04.01 06:11:28 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.08 17:04:08 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.15 20:53:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.01.12 21:50:42 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.04.01 05:44:41 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.01 05:44:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.21 17:46:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.20 16:08:17 | 000,000,000 | ---D | M] -- C:\Temp [2011.05.24 23:05:02 | 000,000,000 | R--D | M] -- C:\Users [2011.11.06 02:55:55 | 000,000,000 | -H-D | M] -- C:\VritualRoot [2012.01.11 19:23:48 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 
000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 
000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 21.01.2012 17:45:25 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,80% Memory free
7,99 Gb Paging File | 6,12 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,17 Gb Free Space | 18,79% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 44,33 Gb Free Space | 30,26% Space Free | Partition Type: NTFS
Drive E: | 166,02 Gb Total Space | 29,27 Gb Free Space | 17,63% Space Free | Partition Type: NTFS
Drive F: | 104,43 Gb Total Space | 37,64 Gb Free Space | 36,05% Space Free | Partition Type: NTFS
Drive H: | 3,91 Gb Total Space | 3,83 Gb Free Space | 98,00% Space Free | Partition Type: FAT32
Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93CFCA51-4484-4211-89EB-39ED3CBDBEB1}" = Sound Blaster Tactic(3D) Sigma
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"1180-6883-2514-0226-trickyplay-PROD" = Trickyplay
"COMODO GeekBuddy" = COMODO GeekBuddy
"Crazy Machines Gold Edition" = Crazy Machines Gold Edition 1.0
"Diablo II" = Diablo II
"DivX Setup" = DivX-Setup
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"HLSW_is1" = HLSW v1.3.3.8c
"hon" = Heroes of Newerth
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"NSS" = Norton Security Scan
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"r3dn3cK´s Settings Deluxe" = r3dn3cK´s Settings Deluxe v1.1
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 3.0.9044
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
| | #2 |
| /// Selecta Jahrusso | Browsers no longer start, Google sends me to wrong pages
My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Download Gmer from this page (click the Download EXE button) and save the program to your desktop.
Please post gmer.txt in your next reply.
__________________ |
| | #3 |
| Browsers no longer start, Google sends me to wrong pages
Thanks a lot in advance.
Since today Firefox apparently works again. I don't know why, though. I haven't changed anything. One thing I had forgotten: a small window keeps popping up in the background: "Meldung von Website Stack overflow at line: xx" (xx being an arbitrary number). Here is the log. I hope I did everything right (when I started the program there was, for example, no check mark at all next to IAT/EAT): Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-01-22 13:35:31 Windows 6.1.7601 Service Pack 1 Running: hzciyme6.exe ---- Services - GMER 1.0.15 ---- Service .NET CLR Data Service .NET CLR Networking Service .NET CLR Networking 4.0.0.0 Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NET Memory Cache 4.0 Service .NETFramework Service system32\drivers\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci Service system32\drivers\ACPI.sys (ACPI-Treiber für NT/Microsoft Corporation) [BOOT] ACPI Service system32\drivers\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice Service system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx Service system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci Service system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [MANUAL] adpu320 Service adsi Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AeLookupSvc Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service system32\drivers\agp440.sys (440 NT AGP-Filter/Microsoft Corporation) [MANUAL] agp440 Service C:\Windows\System32\alg.exe (Gatewaydienst auf Anwendungsebene/Microsoft Corporation) [MANUAL] ALG Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) 
[MANUAL] aliide Service system32\drivers\amdide.sys (AMD-IDE-Treiber/Microsoft Corporation) [MANUAL] amdide Service system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8 Service system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM Service system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata Service system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [MANUAL] amdsbs Service system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata Service system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AppIDSvc Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Appinfo Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AppMgmt Service system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc Service system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) 
[MANUAL] arcsas Service ASP.NET Service ASP.NET_1.1.4322 Service ASP.NET_4.0.30319 Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi Service system32\DRIVERS\atksgt.sys [AUTO] atksgt Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] AudioEndpointBuilder Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] AudioSrv Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] AxInstSV Service system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a Service (Battery Class Driver/Microsoft Corporation) BattC Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] BDESVC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] BFE Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] BITS Service system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser Service system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) 
[MANUAL] BrFiltLo Service system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Browser Service System32\Drivers\Brserid.sys (Brother Schnittstellentreiber (WDM) (seriell)/Brother Industries Ltd.) [MANUAL] Brserid Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer Service system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM Service BTHPORT Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] bthserv Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs Service system32\drivers\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] CertPropSvc Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS Service C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO livePCsupport Service/COMODO) [AUTO] CLPSLS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32 Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64 Service 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32 Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64 Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt Service C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) [AUTO] cmdAgent Service System32\DRIVERS\cmderd.sys (COMODO Internet Security Eradication Driver/COMODO) [SYSTEM] cmderd Service System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) [SYSTEM] cmdGuard Service System32\DRIVERS\cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) [SYSTEM] cmdHlp Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide Service System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt Service system32\drivers\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (System Level Service Utility/Creative Labs) [MANUAL] Creative ALchemy AL6 Licensing Service Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (System Level Service Utility/Creative Labs) [MANUAL] Creative Audio Engine Licensing Service Service crypt32 Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] 
CryptSvc Service system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [SYSTEM] CSC Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] CscService Service C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) [AUTO] CTAudSvcService Service DCLocator Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] DcomLaunch Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] defragsvc Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Dhcp Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache Service system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Dnscache Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] dot3svc Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] DPS Service system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl Service C:\Windows\system32\drivers\EagleX64.sys [MANUAL] EagleX64 Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] EapHost Service system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS Service C:\Windows\ehome\ehRecvr.exe (Windows 
Media Center-Empfängerdienst/Microsoft Corporation) [MANUAL] ehRecvr Service C:\Windows\ehome\ehsched.exe (Windows Media Center-Planerdienst/Microsoft Corporation) [MANUAL] ehSched Service system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev Service ESENT Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] eventlog Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] EventSystem Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] fdPHost Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] FDResPub Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk Service system32\drivers\fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) [BOOT] FltMgr Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] FontCache Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0 Service System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) 
| | #4 |
Browsers no longer start, Google sends me to the wrong pages

Had to split the log file because it had too many characters. Here is the second part: Code:
ATTFilter Service system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe (EXE-Datei für Microsoft®-Blockebenen-Sicherungsmodul/Microsoft Corporation) [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WbioSrvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WcsPlugInService
Service system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd
Service system32\drivers\Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WerSvc
Service system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service Windows Workflow Foundation 3.0.0.0
Service Windows Workflow Foundation 4.0.0.0
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service system32\DRIVERS\WinUSB.sys (Windows USB Class Driver BETA/Microsoft Corporation) [MANUAL] WinUsb
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] Wlansvc
Service system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (Adapter für den WMI-Leistungsreverseadapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WPDBusEnum
Service system32\drivers\ws2ifsl.sys (Winsock2-IFS-Schicht/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search-Indexerstellung/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] wuauserv
Service system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation) [MANUAL] WwanSvc
Service system32\drivers\XENfiltv.sys (Creative Audio Driver/Creative Technology Ltd.) [MANUAL] XENfiltv
Service xmlprov
Service system32\DRIVERS\xusb21.sys (Windows Common Controller/Microsoft Corporation) [MANUAL] xusb21
Service {1A25F6BA-D8E7-4EA0-9407-9F8E5E0EA8CA}
Service {2A625DC4-80F9-457A-AAA9-02A747873EAB}
Service {BFBC0C73-8713-4369-8AD9-1C5E85151453}
---- Files - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----
|
| | #5 |
| /// Selecta Jahrusso | Browsers no longer start, Google sends me to the wrong pages
Please read the following instructions carefully. We don't want to "fix" anything here yet, we only want to see a scan report.
Please download TDSSKiller.exe and save the file to your desktop.
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If that still does not work, please let me know.
In your next reply, please post: the TDSSKiller log and aswMBR.txt
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
| | #6 |
| Browsers no longer start, Google sends me to the wrong pages TDSS Code:
21:37:27.0830 1208 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
21:37:28.0029 1208 ============================================================
21:37:28.0029 1208 Current date / time: 2012/01/22 21:37:28.0029
21:37:28.0029 1208 SystemInfo:
21:37:28.0029 1208
21:37:28.0029 1208 OS Version: 6.1.7601 ServicePack: 1.0
21:37:28.0029 1208 Product type: Workstation
21:37:28.0030 1208 ComputerName: MARK-PC
21:37:28.0030 1208 UserName: Mark
21:37:28.0030 1208 Windows directory: C:\Windows
21:37:28.0030 1208 System windows directory: C:\Windows
21:37:28.0030 1208 Running under WOW64
21:37:28.0030 1208 Processor architecture: Intel x64
21:37:28.0030 1208 Number of processors: 2
21:37:28.0030 1208 Page size: 0x1000
21:37:28.0030 1208 Boot type: Normal boot
21:37:28.0030 1208 ============================================================
21:37:28.0648 1208 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:37:28.0841 1208 Initialize success
21:37:37.0557 3120 ============================================================
21:37:37.0557 3120 Scan started
21:37:37.0558 3120 Mode: Manual;
21:37:37.0558 3120 ============================================================
21:37:56.0275 3120 MBR (0x1B8) (a394fad93df70af56349f150c1a53331) \Device\Harddisk0\DR0
21:37:56.0308 3120 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:37:56.0308 3120 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:37:56.0313 3120 Boot (0x1200) (f373672980a468bcab4eb7466ddceb3c) \Device\Harddisk0\DR0\Partition0
21:37:56.0321 3120 \Device\Harddisk0\DR0\Partition0 - ok
21:37:56.0361 3120 Boot (0x1200) (c22d5cfb8568383976be070c5a93e2bc) \Device\Harddisk0\DR0\Partition1
21:37:56.0371 3120 \Device\Harddisk0\DR0\Partition1 - ok
21:37:56.0401 3120 Boot (0x1200) (0e6bb4fedb0639f053ad5ec99ef43c72) \Device\Harddisk0\DR0\Partition2
21:37:56.0403 3120 \Device\Harddisk0\DR0\Partition2 - ok
21:37:56.0430 3120 Boot (0x1200) (b2d034993b7bf5082f1d0285973d1902) \Device\Harddisk0\DR0\Partition3
21:37:56.0432 3120 \Device\Harddisk0\DR0\Partition3 - ok
21:37:56.0432 3120 ============================================================
21:37:56.0433 3120 Scan finished
21:37:56.0433 3120 ============================================================
21:37:56.0449 2284 Detected object count: 1
21:37:56.0449 2284 Actual detected object count: 1
21:38:08.0826 2284 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
21:38:08.0826 2284 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 21:39:47
-----------------------------
21:39:47.047 OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:47.047 Number of processors: 2 586 0x170A
21:39:47.048 ComputerName: MARK-PC UserName: Mark
21:39:47.644 Initialize success
21:40:08.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:40:08.903 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
21:40:08.919 Disk 0 MBR read successfully
21:40:08.922 Disk 0 MBR scan
21:40:08.924 Disk 0 Windows 7 default MBR code
21:40:08.927 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
21:40:08.929 Disk 0 Partition - 00 0F Extended LBA 426930 MB offset 102398310
21:40:08.949 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 102398373
21:40:08.953 Disk 0 Partition - 00 05 Extended 170000 MB offset 409593240
21:40:08.979 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 170000 MB offset 409593303
21:40:08.982 Disk 0 Partition - 00 05 Extended 106932 MB offset 1064948850
21:40:09.007 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 106932 MB offset 757753983
21:40:09.011 Service scanning
21:40:10.139 Modules scanning
21:40:10.504 Disk 0 trace - called modules:
21:40:10.525 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005798334]<<
21:40:10.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800577c360]
21:40:10.542 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046e1050]
21:40:10.549 \Driver\iaStor[0xfffffa8004671880] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8005798334
21:40:10.557 Scan finished successfully
21:40:25.160 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
21:40:25.165 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
#7
/// Selecta Jahrusso

Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".

Combofix may only be run when a team member has instructed you to do so! It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix from one of these download mirrors: Link 1, Link 2

IMPORTANT - Save Combofix to your desktop

Quote:

__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie

#8

TDSS:
Code:
12:27:53.0494 3776 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
12:27:53.0735 3776 ============================================================
12:27:53.0735 3776 Current date / time: 2012/01/23 12:27:53.0735
12:27:53.0735 3776 SystemInfo:
12:27:53.0735 3776
12:27:53.0736 3776 OS Version: 6.1.7601 ServicePack: 1.0
12:27:53.0736 3776 Product type: Workstation
12:27:53.0736 3776 ComputerName: MARK-PC
12:27:53.0736 3776 UserName: Mark
12:27:53.0736 3776 Windows directory: C:\Windows
12:27:53.0736 3776 System windows directory: C:\Windows
12:27:53.0736 3776 Running under WOW64
12:27:53.0736 3776 Processor architecture: Intel x64
12:27:53.0736 3776 Number of processors: 2
12:27:53.0736 3776 Page size: 0x1000
12:27:53.0736 3776 Boot type: Normal boot
12:27:53.0736 3776 ============================================================
12:27:54.0450 3776 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:27:54.0628 3776 Initialize success
12:28:13.0842 2500 ============================================================
12:28:13.0842 2500 Scan started
12:28:13.0842 2500 Mode: Manual;
12:28:13.0842 2500 ============================================================
12:28:15.0277 2500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:28:15.0277 2500 1394ohci - ok
12:28:15.0340 2500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:28:15.0355 2500 ACPI - ok
12:28:15.0418 2500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:28:15.0433 2500 AcpiPmi - ok
12:28:15.0605 2500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:28:15.0605 2500 adp94xx - ok
12:28:15.0667 2500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:28:15.0683 2500 adpahci - ok
12:28:15.0730 2500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:28:15.0730 2500 adpu320 - ok
12:28:15.0823 2500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:28:15.0823 2500 AFD - ok
12:28:15.0870 2500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:28:15.0870 2500 agp440 - ok
12:28:15.0917 2500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:28:15.0917 2500 aliide - ok
12:28:15.0932 2500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:28:15.0932 2500 amdide - ok
12:28:15.0979 2500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:28:15.0995 2500 AmdK8 - ok
12:28:16.0010 2500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:28:16.0010 2500 AmdPPM - ok
12:28:16.0057 2500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:28:16.0073 2500 amdsata - ok
12:28:16.0104 2500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:28:16.0104 2500 amdsbs - ok
12:28:16.0120 2500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:28:16.0120 2500 amdxata - ok
12:28:16.0166 2500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:28:16.0182 2500 AppID - ok
12:28:16.0244 2500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:28:16.0244 2500 arc - ok
12:28:16.0276 2500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:28:16.0276 2500 arcsas - ok
12:28:16.0400 2500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:28:16.0416 2500 AsyncMac - ok
12:28:16.0463 2500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:28:16.0463 2500 atapi - ok
12:28:16.0603 2500 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
12:28:16.0603 2500 atksgt - ok
12:28:16.0728 2500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:28:16.0728 2500 b06bdrv - ok
12:28:16.0775 2500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:28:16.0790 2500 b57nd60a - ok
12:28:16.0853 2500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:28:16.0868 2500 Beep - ok
12:28:16.0900 2500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:28:16.0900 2500 blbdrive - ok
12:28:16.0931 2500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:28:16.0946 2500 bowser - ok
12:28:16.0993 2500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:28:16.0993 2500 BrFiltLo - ok
12:28:17.0009 2500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:28:17.0009 2500 BrFiltUp - ok
12:28:17.0071 2500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:28:17.0071 2500 Brserid - ok
12:28:17.0102 2500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:28:17.0102 2500 BrSerWdm - ok
12:28:17.0118 2500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:28:17.0118 2500 BrUsbMdm - ok
12:28:17.0134 2500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:28:17.0134 2500 BrUsbSer - ok
12:28:17.0165 2500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:28:17.0165 2500 BTHMODEM - ok
12:28:17.0212 2500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:28:17.0212 2500 cdfs - ok
12:28:17.0258 2500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:28:17.0258 2500 cdrom - ok
12:28:17.0305 2500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:28:17.0321 2500 circlass - ok
12:28:17.0368 2500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:28:17.0383 2500 CLFS - ok
12:28:17.0508 2500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:28:17.0508 2500 CmBatt - ok
12:28:17.0570 2500 cmderd (fa26df95bfbeccbd44c961834789c549) C:\Windows\system32\DRIVERS\cmderd.sys
12:28:17.0570 2500 cmderd - ok
12:28:17.0602 2500 cmdGuard (efd76d1c9a28b75ff05b23cb0e7f79cd) C:\Windows\system32\DRIVERS\cmdguard.sys
12:28:17.0617 2500 cmdGuard - ok
12:28:17.0648 2500 cmdHlp (4b5b1688ab86ebced4bef8d337e9a722) C:\Windows\system32\DRIVERS\cmdhlp.sys
12:28:17.0648 2500 cmdHlp - ok
12:28:17.0695 2500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:28:17.0695 2500 cmdide - ok
12:28:17.0758 2500 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:28:17.0758 2500 CNG - ok
12:28:17.0867 2500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:28:17.0867 2500 Compbatt - ok
12:28:17.0929 2500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:28:17.0929 2500 CompositeBus - ok
12:28:17.0976 2500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:28:17.0976 2500 crcdisk - ok
12:28:18.0101 2500 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:28:18.0101 2500 CSC - ok
12:28:18.0226 2500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:28:18.0226 2500 DfsC - ok
12:28:18.0257 2500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:28:18.0257 2500 discache - ok
12:28:18.0288 2500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:28:18.0288 2500 Disk - ok
12:28:18.0319 2500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:28:18.0319 2500 drmkaud - ok
12:28:18.0413 2500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:28:18.0444 2500 DXGKrnl - ok
12:28:18.0538 2500 EagleX64 - ok
12:28:18.0647 2500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:28:18.0772 2500 ebdrv - ok
12:28:18.0865 2500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:28:18.0881 2500 elxstor - ok
12:28:18.0896 2500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:28:18.0896 2500 ErrDev - ok
12:28:18.0959 2500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:28:18.0959 2500 exfat - ok
12:28:18.0990 2500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:28:18.0990 2500 fastfat - ok
12:28:19.0021 2500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:28:19.0037 2500 fdc - ok
12:28:19.0068 2500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:28:19.0068 2500 FileInfo - ok
12:28:19.0084 2500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:28:19.0099 2500 Filetrace - ok
12:28:19.0130 2500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:28:19.0130 2500 flpydisk - ok
12:28:19.0162 2500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:28:19.0177 2500 FltMgr - ok
12:28:19.0193 2500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:28:19.0208 2500 FsDepends - ok
12:28:19.0224 2500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:28:19.0240 2500 Fs_Rec - ok
12:28:19.0271 2500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:28:19.0271 2500 fvevol - ok
12:28:19.0302 2500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:28:19.0302 2500 gagp30kx - ok
12:28:19.0349 2500 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
12:28:19.0364 2500 hamachi - ok
12:28:19.0458 2500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:28:19.0474 2500 hcw85cir - ok
12:28:19.0536 2500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:28:19.0552 2500 HdAudAddService - ok
12:28:19.0630 2500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:28:19.0630 2500 HDAudBus - ok
12:28:19.0754 2500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:28:19.0754 2500 HidBatt - ok
12:28:19.0770 2500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:28:19.0770 2500 HidBth - ok
12:28:19.0801 2500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:28:19.0801 2500 HidIr - ok
12:28:19.0926 2500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:28:19.0926 2500 HidUsb - ok
12:28:19.0988 2500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:28:20.0004 2500 HpSAMD - ok
12:28:20.0066 2500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:28:20.0113 2500 HTTP - ok
12:28:20.0207 2500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:28:20.0207 2500 hwpolicy - ok
12:28:20.0269 2500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:28:20.0269 2500 i8042prt - ok
12:28:20.0394 2500 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:28:20.0394 2500 iaStor - ok
12:28:20.0441 2500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:28:20.0456 2500 iaStorV - ok
12:28:20.0519 2500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:28:20.0519 2500 iirsp - ok
12:28:20.0566 2500 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
12:28:20.0566 2500 inspect - ok
12:28:20.0628 2500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:28:20.0628 2500 intelide - ok
12:28:20.0675 2500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:28:20.0675 2500 intelppm - ok
12:28:20.0722 2500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:28:20.0722 2500 IpFilterDriver - ok
12:28:20.0831 2500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:28:20.0831 2500 IPMIDRV - ok
12:28:20.0862 2500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:28:20.0878 2500 IPNAT - ok
12:28:20.0971 2500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:28:20.0971 2500 IRENUM - ok
12:28:21.0018 2500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:28:21.0018 2500 isapnp - ok
12:28:21.0049 2500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:28:21.0049 2500 iScsiPrt - ok
12:28:21.0174 2500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:28:21.0174 2500 kbdclass - ok
12:28:21.0205 2500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:28:21.0221 2500 kbdhid - ok
12:28:21.0314 2500 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:28:21.0330 2500 KSecDD - ok
12:28:21.0361 2500 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:28:21.0361 2500 KSecPkg - ok
12:28:21.0408 2500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:28:21.0408 2500 ksthunk - ok
12:28:21.0580 2500 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
12:28:21.0580 2500 lirsgt - ok
12:28:21.0626 2500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:28:21.0626 2500 lltdio - ok
12:28:21.0673 2500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:28:21.0673 2500 LSI_FC - ok
12:28:21.0689 2500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:28:21.0704 2500 LSI_SAS - ok
12:28:21.0720 2500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:28:21.0720 2500 LSI_SAS2 - ok
12:28:21.0751 2500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:28:21.0751 2500 LSI_SCSI - ok
12:28:21.0782 2500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:28:21.0782 2500 luafv - ok
12:28:21.0876 2500 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:28:21.0876 2500 MBAMProtector - ok
12:28:21.0923 2500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:28:21.0938 2500 megasas - ok
12:28:21.0970 2500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:28:21.0985 2500 MegaSR - ok
12:28:22.0079 2500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:28:22.0079 2500 Modem - ok
12:28:22.0157 2500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:28:22.0157 2500 monitor - ok
12:28:22.0204 2500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:28:22.0219 2500 mouclass - ok
12:28:22.0250 2500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:28:22.0250 2500 mouhid - ok
12:28:22.0297 2500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:28:22.0297 2500 mountmgr - ok
12:28:22.0328 2500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:28:22.0344 2500 mpio - ok
12:28:22.0360 2500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:28:22.0360 2500 mpsdrv - ok
12:28:22.0422 2500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:28:22.0438 2500 MRxDAV - ok
12:28:22.0484 2500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:28:22.0484 2500 mrxsmb - ok
12:28:22.0531 2500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:28:22.0531 2500 mrxsmb10 - ok
12:28:22.0547 2500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:28:22.0547 2500 mrxsmb20 - ok
12:28:22.0594 2500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:28:22.0594 2500 msahci - ok
12:28:22.0656 2500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:28:22.0656 2500 msdsm - ok
12:28:22.0718 2500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:28:22.0718 2500 Msfs - ok
12:28:22.0734 2500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:28:22.0750 2500 mshidkmdf - ok
12:28:22.0781 2500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:28:22.0781 2500 msisadrv - ok
12:28:22.0828 2500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:28:22.0828 2500 MSKSSRV - ok
12:28:22.0843 2500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:28:22.0843 2500 MSPCLOCK - ok
12:28:22.0859 2500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:28:22.0859 2500 MSPQM - ok
12:28:22.0906 2500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:28:22.0921 2500 MsRPC - ok
12:28:22.0952 2500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:28:22.0952 2500 mssmbios - ok
12:28:22.0999 2500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:28:22.0999 2500 MSTEE - ok
12:28:23.0046 2500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:28:23.0046 2500 MTConfig - ok
12:28:23.0062 2500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:28:23.0062 2500 Mup - ok
12:28:23.0124 2500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:28:23.0140 2500 NativeWifiP - ok
12:28:23.0218 2500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:28:23.0233 2500 NDIS - ok
12:28:23.0327 2500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:28:23.0327 2500 NdisCap - ok
12:28:23.0358 2500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:28:23.0374 2500 NdisTapi - ok
12:28:23.0436 2500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:28:23.0436 2500 Ndisuio - ok
12:28:23.0498 2500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:28:23.0498 2500 NdisWan - ok
12:28:23.0576 2500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:28:23.0592 2500 NDProxy - ok
12:28:23.0654 2500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:28:23.0654 2500 NetBIOS - ok
12:28:23.0701 2500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:28:23.0701 2500 NetBT - ok
12:28:23.0951 2500 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:28:24.0076 2500 netw5v64 - ok
12:28:24.0138 2500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:28:24.0138 2500 nfrd960 - ok
12:28:24.0200 2500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:28:24.0200 2500 Npfs - ok
12:28:24.0216 2500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:28:24.0216 2500 nsiproxy - ok
12:28:24.0294 2500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:28:24.0325 2500 Ntfs - ok
12:28:24.0356 2500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:28:24.0372 2500 Null - ok
12:28:24.0700 2500 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:28:24.0934 2500 nvlddmkm - ok
12:28:24.0996 2500 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:28:24.0996 2500 nvraid - ok
12:28:25.0027 2500 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:28:25.0027 2500 nvstor - ok
12:28:25.0090 2500 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:28:25.0105 2500 nv_agp - ok
12:28:25.0136 2500 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:28:25.0136 2500 ohci1394 - ok
12:28:25.0183 2500 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:28:25.0183 2500 Parport - ok
12:28:25.0230 2500 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:28:25.0230 2500 partmgr - ok
12:28:25.0261 2500 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:28:25.0261 2500 pci - ok
12:28:25.0308 2500 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:28:25.0308 2500 pciide - ok
12:28:25.0339 2500 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:28:25.0339 2500 pcmcia - ok
12:28:25.0370 2500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:28:25.0370 2500 pcw - ok
12:28:25.0402 2500 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:28:25.0417 2500 PEAUTH - ok
12:28:25.0558 2500 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:28:25.0558 2500 PptpMiniport - ok
12:28:25.0589 2500 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:28:25.0604 2500 Processor - ok
12:28:25.0682 2500 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:28:25.0682 2500 Psched - ok
12:28:25.0760 2500 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:28:25.0807 2500 ql2300 - ok
12:28:25.0838 2500 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:28:25.0838 2500 ql40xx - ok
12:28:25.0870 2500 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:28:25.0870 2500 QWAVEdrv - ok
12:28:25.0885 2500 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:28:25.0885 2500 RasAcd - ok
12:28:25.0916 2500 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:28:25.0932 2500 RasAgileVpn - ok
12:28:25.0963 2500 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:28:25.0979 2500 Rasl2tp - ok
12:28:26.0010 2500 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:28:26.0010 2500 RasPppoe - ok
12:28:26.0026 2500 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:28:26.0026 2500 RasSstp - ok
12:28:26.0088 2500 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:28:26.0088 2500 rdbss - ok
12:28:26.0119 2500 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:28:26.0119 2500 rdpbus - ok
12:28:26.0166 2500 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:28:26.0166 2500 RDPCDD - ok
12:28:26.0213 2500 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:28:26.0213 2500 RDPDR - ok
12:28:26.0244 2500 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:28:26.0244 2500 RDPENCDD - ok
12:28:26.0275 2500 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:28:26.0275 2500 RDPREFMP - ok
12:28:26.0322 2500 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:28:26.0338 2500 RDPWD - ok
12:28:26.0384 2500 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:28:26.0384 2500 rdyboost - ok
12:28:26.0447 2500 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:28:26.0447 2500 rspndr - ok
12:28:26.0509 2500 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:28:30.0690 2500 MBR (0x1B8) (a394fad93df70af56349f150c1a53331) \Device\Harddisk0\DR0
12:28:30.0737 2500 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
12:28:30.0737 2500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
12:28:30.0737 2500 Boot (0x1200) (f373672980a468bcab4eb7466ddceb3c) \Device\Harddisk0\DR0\Partition0
12:28:30.0737 2500 \Device\Harddisk0\DR0\Partition0 - ok
12:28:30.0799 2500 Boot (0x1200) (c22d5cfb8568383976be070c5a93e2bc) \Device\Harddisk0\DR0\Partition1
12:28:30.0799 2500 \Device\Harddisk0\DR0\Partition1 - ok
12:28:30.0815 2500 Boot (0x1200) (0e6bb4fedb0639f053ad5ec99ef43c72) \Device\Harddisk0\DR0\Partition2
12:28:30.0815 2500 \Device\Harddisk0\DR0\Partition2 - ok
12:28:30.0846 2500 Boot (0x1200) (b2d034993b7bf5082f1d0285973d1902) \Device\Harddisk0\DR0\Partition3
12:28:30.0846 2500 \Device\Harddisk0\DR0\Partition3 - ok
12:28:30.0846 2500 ============================================================
12:28:30.0846 2500 Scan finished
12:28:30.0846 2500 ============================================================
12:28:30.0846 2884 Detected object count: 1
12:28:30.0846 2884 Actual detected object count: 1
12:28:35.0604 2884 \Device\Harddisk0\DR0 - processing error
12:28:47.0008 2884 \Device\Harddisk0\DR0 - will be restored on reboot
12:28:47.0008 2884 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
12:28:49.0379 3924 Deinitialize success
With ComboFix, after an apparent scan, the following error occurred: "NIRCMD "NIRCMD" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang" In addition, a DOS window opens that says: "Der Befehl "c.bat" ist entweder falsch geschrieben oder konnte nicht gefunden werden. C:\ComboFix>" |
| | #9 |
| /// Selecta Jahrusso | Hi, please delete the existing ComboFix version and download a new version from here. Before saving it, rename it to svchost.exe. Make sure that all your antivirus and other protection programs are switched off, and start the renamed version of ComboFix with right-click --> Run as administrator
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie Edited by Larusso (23.01.2012 at 16:42) |
| | #10 |
| Hi, after starting the program a scan apparently runs through automatically, and then the program closes and nothing happens. So I get no instructions and cannot click anything. There is no error message, but I cannot find a log file either. Google, at least, is working again |
| | #11 |
| /// Selecta Jahrusso | Please check in the folder C:\qoobox whether there is a Combofix.txt there |
| | #12 |
| The folder contains only subfolders, and they are all empty as well. |
| | #13 |
| /// Selecta Jahrusso | Go into Windows safe mode (please be sure to click and read the link!)
Start ComboFix and let it run undisturbed. Hopefully I will get a log file now |
| | #14 |
| Ah, OK. Now I have a log file. However, before the scan it pointed out that "Desktop Antivir" was running. Unfortunately I have no idea how to close that (I found nothing in Task Manager). I hope the log file is usable anyway. Code:
ComboFix 12-01-23.02 - Mark 27.01.2012 1:44.1.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4091.3447 [GMT 1:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\users\Mark\P-7-78-8964-9648-3874
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-27 bis 2012-01-27 ))))))))))))))))))))))))))))))
.
.
2012-01-27 00:49 . 2012-01-27 00:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-27 00:49 . 2012-01-27 00:49 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-01-27 00:49 . 2012-01-27 00:49 -------- d-----w- c:\users\postgres.Mark-PC\AppData\Local\temp
2012-01-27 00:49 . 2012-01-27 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 18:36 . 2012-01-26 18:36 -------- d-----w- c:\users\Mark\AppData\Local\Namco
2012-01-26 18:06 . 2012-01-26 18:07 -------- d-----w- c:\program files (x86)\Puzzle Quest 2
2012-01-26 17:43 . 2012-01-26 17:43 -------- d-----w- c:\program files (x86)\bfgclient
2012-01-26 17:43 . 2012-01-26 17:43 -------- d-----w- c:\programdata\Big Fish Games
2012-01-26 17:35 . 2012-01-26 18:08 -------- d-----w- C:\BigFishGamesCache
2012-01-15 19:53 . 2012-01-15 19:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-12 20:50 . 2012-01-12 20:50 -------- d-----w- c:\programdata\Creative Labs
2012-01-11 19:56 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 19:56 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 19:56 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 19:56 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 19:56 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 19:56 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 19:56 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 19:56 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 15:54 . 2012-01-11 18:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 15:54 . 2012-01-11 15:54 -------- d-----w- c:\windows\system32\Macromed
2012-01-11 15:42 . 2012-01-11 15:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-11 15:42 . 2012-01-11 15:42 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-11 11:34 . 2012-01-11 11:34 -------- d-----w- C:\found.000
2012-01-09 15:04 . 2012-01-09 15:04 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-01-09 15:04 . 2012-01-09 15:04 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-01-09 15:04 . 2012-01-09 15:04 150696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-01-09 15:03 . 2012-01-09 15:04 108544 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2012-01-09 15:03 . 2012-01-09 15:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-09 15:03 . 2012-01-09 15:04 -------- d-----w- c:\program files (x86)\Real
2012-01-07 18:02 . 2012-01-07 18:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-07 18:02 . 2012-01-07 18:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 18:02 . 2012-01-07 18:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 18:02 . 2012-01-07 18:02 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 15:42 . 2010-07-11 13:34 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 18:59 . 2011-10-07 17:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-10-07 17:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-10-07 17:47 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-10-07 17:47 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-10-07 17:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 18:58 . 2011-10-07 17:47 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-19 18:58 . 2011-10-07 17:47 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-10 14:24 . 2011-11-08 19:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 12:31 . 2011-12-08 12:31 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2011-12-08 12:31 . 2011-12-08 12:31 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-11-24 04:52 . 2011-12-14 10:18 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 01:36 . 2011-11-06 01:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-11-06 01:36 . 2011-11-06 01:36 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-11-06 01:36 . 2011-11-06 01:36 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-11-05 05:41 . 2011-12-14 10:18 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 10:18 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 10:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 10:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 10:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 10:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-01 00:07 . 2011-11-01 00:07 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="f:\steam\steam.exe" [2011-08-02 1242448]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"combofix"="c:\combofix\CF27700.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-10 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;F:/poker/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D F:/poker/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\Norton Security Scan for Mark.job
- c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-23 23:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:62141
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{1A25F6BA-D8E7-4EA0-9407-9F8E5E0EA8CA}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{BFBC0C73-8713-4369-8AD9-1C5E85151453}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\mfzfdpv8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62141
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="F:/poker/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"F:/poker/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="F:/poker/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"F:/poker/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
f:\poker\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
f:\poker\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-27 01:58:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-27 00:58
.
Vor Suchlauf: 9.049.088.000 Bytes frei
Nach Suchlauf: 9.201.053.696 Bytes frei
.
- - End Of File - - 6A4A1A47403C71EC33C4A3399B326782
|
| | #15 |
| /// Selecta Jahrusso | Hi, somehow strange, since nothing of the kind runs in safe mode at all. Anyway, did you set up the proxy server yourself? (If you don't know what that is, this will not be the case.) How does the computer run in normal mode? |