| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System Progressive Protection VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.10.2012, 19:54
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  System Progressive Protection VirusZitat:
NICHTS voreilig aus der Quarantäne löschen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.10.2012, 20:08
| #17 |
 | System Progressive Protection Virus erledigt
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.04.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Bernd :: LANGBAUER-PC [Administrator] Schutz: Aktiviert 04.10.2012 19:10:12 mbam-log-2012-10-04 (19-10-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 317870 Laufzeit: 1 Stunde(n), 27 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
04.10.2012, 20:09
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection VirusCode:
ATTFilter C:\Users\Bernd\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
 Finger weg von Softonic!!  Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ |
|
04.10.2012, 20:12
| #19 |
| | System Progressive Protection Virus ja ich habs heute schon gelesen das solche software Müll ist. Wird auch umgehend entfernt Man lernt ja immer dazu # AdwCleaner v2.003 - Datei am 10/04/2012 um 20:04:46 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits) # Benutzer : Bernd - LANGBAUER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bernd\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\extensions\adapter@babylontc.com.xpi Datei Gefunden : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\extensions\ocr@babylon.com.xpi Ordner Gefunden : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Ordner Gefunden : C:\Users\Bernd\AppData\Local\TempDir Ordner Gefunden : C:\Users\Bernd\AppData\Roaming\eType ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Iminent Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\prefs.js Gefunden : user_pref("extensions.enabledAddons", "adapter@babylontc.com:1.0.0.1,ocr@babylon.com:1.1,{972ce4c6-7[...] ************************* AdwCleaner[R1].txt - [2124 octets] - [04/10/2012 20:04:46] ########## EOF - C:\AdwCleaner[R1].txt - [2184 octets] ########## |
|
05.10.2012, 09:40
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Die Logs bitte in CODE-Tags posten!  adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.10.2012, 09:54
| #21 |
| | System Progressive Protection Virus so besserCode:
ATTFilter wCleaner v2.003 - Datei am 10/05/2012 um 10:46:54 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : Bernd - LANGBAUER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Bernd\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\extensions\adapter@babylontc.com.xpi
Datei Gelöscht : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\extensions\ocr@babylon.com.xpi
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\Users\Bernd\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\Bernd\AppData\Roaming\eType
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\x47eyp4j.default\prefs.js
Gelöscht : user_pref("extensions.enabledAddons", "adapter@babylontc.com:1.0.0.1,ocr@babylon.com:1.1,{972ce4c6-7[...]
*************************
AdwCleaner[R1].txt - [2253 octets] - [04/10/2012 20:04:46]
AdwCleaner[R2].txt - [2313 octets] - [05/10/2012 10:44:28]
AdwCleaner[S1].txt - [2503 octets] - [05/10/2012 10:46:54]
|
|
05.10.2012, 13:43
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.10.2012, 20:16
| #23 |
| | System Progressive Protection Virus Windows läuft wieder ganz normal und ich vermisse keine Programme. Allerdings hab ich heute von meinem Internetanbieter eine Mail bekommen das von diesem PC Spam-Mails versendet werden. Allerdings kam die Mail erst heute und man hat das am 3.10. festgestellt, jetzt weiß ich nicht ob es immer noch so ist. Denn ich soll das schnellstmöglich in Ordnung bringen sonnst sperren sie mir den Internetzugang. |
|
07.10.2012, 03:22
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.10.2012, 19:35
| #25 |
| | System Progressive Protection Virus OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.10.2012 19:52:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernd\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,22% Memory free
6,23 Gb Paging File | 5,03 Gb Available in Paging File | 80,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 156,67 Gb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 88,12 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Computer Name: LANGBAUER-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.07 19:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Downloads\OTL(1).exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.01 12:02:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.18 11:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe
PRC - [2012.05.14 15:48:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 15:48:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 15:48:53 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 15:48:53 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:48:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 15:48:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.08 18:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe
PRC - [2012.01.25 11:09:45 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bernd\AppData\Local\Apps\2.0\D2YKVDHE.A2X\JJQMHEGW.3MR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2011.06.29 15:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.02.20 14:58:44 | 000,053,248 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\LBTWiz.exe
PRC - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2007.02.20 14:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Programme\SetPoint\SetPoint.exe
PRC - [2007.01.11 20:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\khalshared\KHALMNPR.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.13 14:15:47 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
MOD - [2012.06.13 14:10:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 14:10:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.13 14:10:39 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.13 14:10:13 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.18 11:04:54 | 000,252,408 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012.05.18 11:04:54 | 000,067,576 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2012.05.18 11:04:44 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll
MOD - [2012.05.18 11:04:44 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll
MOD - [2012.05.18 11:04:44 | 000,019,456 | ---- | M] () -- C:\Programme\MyTomTom 3\DeviceDetection.dll
MOD - [2012.05.18 11:04:42 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll
MOD - [2012.05.18 11:04:42 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll
MOD - [2012.05.13 08:42:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.13 08:39:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.13 08:38:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 08:38:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.13 08:37:54 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.13 08:37:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.01.25 11:09:19 | 000,368,640 | ---- | M] () -- C:\Users\Bernd\AppData\Local\Apps\2.0\D2YKVDHE.A2X\JJQMHEGW.3MR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
========== Services (SafeList) ==========
SRV - [2012.09.21 16:59:45 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.14 09:11:53 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.20 03:26:02 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.05.14 15:48:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 15:48:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:48:53 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:48:53 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:48:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.08 18:55:56 | 007,027,664 | ---- | M] (ETU Software GmbH) [Auto | Running] -- C:\Programme\HSETU\ApplicationService\ApplicationService.exe -- (HSETUApplicationService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.29 15:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.02.20 14:57:32 | 000,110,592 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 15:48:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 15:48:54 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 15:48:54 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 15:48:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.26 23:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012.01.25 11:09:25 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.10.11 15:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 06:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.17 09:07:00 | 007,624,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.11 20:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.01.11 20:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-224231629-1705089913-2493866651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-224231629-1705089913-2493866651-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-224231629-1705089913-2493866651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-224231629-1705089913-2493866651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-224231629-1705089913-2493866651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..keyword.URL: "hxxp://go.web.de/br/moz_keyurl_search/?su="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 09:11:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 09:11:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.01.22 11:51:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions
[2012.10.05 10:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\x47eyp4j.default\extensions
[2012.09.10 20:14:54 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\extensions\toolbar@web.de.xpi
[2012.02.24 22:33:18 | 000,000,933 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\11-suche.xml
[2012.02.24 22:33:18 | 000,002,419 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 22:33:18 | 000,010,525 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\gmx-suche.xml
[2012.02.24 22:33:18 | 000,002,457 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\lastminute.xml
[2012.02.24 22:33:18 | 000,005,508 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mozilla\firefox\profiles\x47eyp4j.default\searchplugins\webde-suche.xml
[2012.10.05 10:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.14 09:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.09.14 09:11:43 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.09.14 09:11:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-224231629-1705089913-2493866651-1000..\Run: [AVMUSBFernanschluss] C:\Users\Bernd\AppData\Local\Apps\2.0\D2YKVDHE.A2X\JJQMHEGW.3MR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-224231629-1705089913-2493866651-1000..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-224231629-1705089913-2493866651-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE2E673-F951-4FE5-A387-7598FDFE91A2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61C6D9CB-7C89-499F-A1B0-E1A365B5250F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\Shell - "" = AutoRun
O33 - MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.10.04 16:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 13:50:24 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Malwarebytes
[2012.10.04 13:50:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.04 13:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.04 13:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.04 13:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 14:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\558B4AD8E66D86CE0052558AF8D50D9C
[2012.09.29 10:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\KinderDuden
[2012.09.25 21:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012.09.24 15:44:46 | 000,000,000 | R--D | C] -- C:\Users\Bernd\Documents\Scanned Documents
[2012.09.24 15:44:46 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\Fax
[2012.09.21 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\src
[2012.09.21 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\__MACOSX
[2012.09.15 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\LumacDaemon
[2012.09.15 09:50:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Lumaris_F.Z.E
[2012.09.15 09:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lumac
[2012.09.14 20:27:17 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\U3
[2012.09.14 09:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.13 13:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.13 13:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.13 13:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.13 13:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.11 07:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
========== Files - Modified Within 30 Days ==========
[2012.10.07 19:46:02 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 19:46:02 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 19:45:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 19:45:52 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 14:24:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.07 13:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.06 21:18:45 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk
[2012.10.05 07:09:19 | 000,011,496 | ---- | M] () -- C:\Users\Bernd\Documents\cc_20121005_070915.reg
[2012.10.04 13:31:03 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 13:31:03 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 13:31:03 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 13:31:03 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 11:03:10 | 000,059,392 | ---- | M] () -- C:\Users\Bernd\AppData\Local\qodipbhk
[2012.10.03 15:01:48 | 000,093,184 | ---- | M] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.03 14:02:50 | 000,059,392 | ---- | M] () -- C:\Users\Bernd\AppData\Local\cxxitugi
[2012.10.03 14:00:49 | 000,000,000 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\SharedSettings.ccs
[2012.09.30 12:00:11 | 001,357,972 | ---- | M] () -- C:\Users\Bernd\Documents\Mindelheim.sh3d
[2012.09.20 08:36:32 | 005,734,769 | ---- | M] () -- C:\Users\Bernd\Energie.zip
[2012.09.20 08:19:19 | 000,234,183 | ---- | M] () -- C:\Users\Bernd\Documents\Oberste Decke Haal Sontheim a.d.Brenz.jpg
[2012.09.15 09:49:50 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.13 13:53:44 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.13 12:30:09 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
========== Files Created - No Company Name ==========
[2012.10.05 07:09:18 | 000,011,496 | ---- | C] () -- C:\Users\Bernd\Documents\cc_20121005_070915.reg
[2012.10.04 18:39:30 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.04 11:03:10 | 000,059,392 | ---- | C] () -- C:\Users\Bernd\AppData\Local\qodipbhk
[2012.10.03 14:02:50 | 000,059,392 | ---- | C] () -- C:\Users\Bernd\AppData\Local\cxxitugi
[2012.10.03 14:00:49 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\SharedSettings.ccs
[2012.09.29 22:58:25 | 001,357,972 | ---- | C] () -- C:\Users\Bernd\Documents\Mindelheim.sh3d
[2012.09.21 16:09:44 | 000,170,840 | ---- | C] () -- C:\Users\Bernd\dropbearmulti
[2012.09.21 16:09:44 | 000,000,398 | ---- | C] () -- C:\Users\Bernd\usbnetwork.sh
[2012.09.21 16:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._scp
[2012.09.21 16:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dropbearkey
[2012.09.21 16:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dropbearconvert
[2012.09.21 16:09:44 | 000,000,082 | ---- | C] () -- C:\Users\Bernd\._dbclient
[2012.09.21 16:07:59 | 000,093,037 | ---- | C] () -- C:\Users\Bernd\Documents\update_simple_usbnet_1.0_install.bin
[2012.09.21 16:07:59 | 000,001,526 | ---- | C] () -- C:\Users\Bernd\Documents\README
[2012.09.21 16:07:59 | 000,001,444 | ---- | C] () -- C:\Users\Bernd\Documents\update_simple_usbnet_1.0_uninstall.bin
[2012.09.21 16:07:59 | 000,000,127 | ---- | C] () -- C:\Users\Bernd\Documents\runme.sh
[2012.09.21 16:07:59 | 000,000,008 | ---- | C] () -- C:\Users\Bernd\Documents\password
[2012.09.20 08:19:19 | 000,234,183 | ---- | C] () -- C:\Users\Bernd\Documents\Oberste Decke Haal Sontheim a.d.Brenz.jpg
[2012.09.15 09:50:33 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk
[2012.09.15 09:50:33 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk
[2012.09.13 13:53:44 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.27 17:52:20 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.07 07:10:19 | 005,734,769 | ---- | C] () -- C:\Users\Bernd\Energie.zip
[2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.02.27 10:40:44 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.02.27 10:38:36 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.02.27 10:38:18 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.02.08 09:02:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.01.25 12:04:11 | 000,001,583 | ---- | C] () -- C:\Windows\System32\hpenum.ini
[2012.01.25 12:04:11 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini
[2012.01.25 12:04:11 | 000,000,055 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012.01.25 12:02:33 | 000,013,451 | ---- | C] () -- C:\Windows\hpbins01.dat
[2012.01.25 12:02:11 | 000,003,342 | ---- | C] () -- C:\Windows\hplj3380.ini
[2012.01.25 11:44:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.01.24 18:37:00 | 000,000,024 | ---- | C] () -- C:\Windows\HBUser.ini
[2012.01.24 15:24:32 | 000,093,184 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.24 15:16:57 | 000,000,293 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.01.23 07:58:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.01.23 06:02:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.01.23 06:02:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.01.23 06:01:34 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.21 14:57:50 | 000,000,680 | ---- | C] () -- C:\Users\Bernd\AppData\Local\d3d9caps.dat
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
========== ZeroAccess Check ==========
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.01.24 16:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\DataDesign
[2012.04.09 15:44:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\HSETU
[2012.02.22 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Lexware
[2012.10.07 09:10:50 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\LumacDaemon
[2012.01.24 18:33:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\T-Online
[2012.03.16 08:05:24 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\TeamViewer
[2012.08.08 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\WindSolutions
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.01.24 14:22:09 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Adobe
[2012.07.11 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Apple Computer
[2012.01.23 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Avira
[2012.01.24 16:29:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\DataDesign
[2012.08.07 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\dvdcss
[2012.04.09 15:44:57 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\HSETU
[2012.01.21 14:57:54 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Identities
[2012.02.22 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Lexware
[2012.02.08 09:02:02 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Logitech
[2012.10.07 09:10:50 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\LumacDaemon
[2012.01.23 00:04:51 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Macromedia
[2012.10.04 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Malwarebytes
[2012.09.30 14:49:55 | 000,000,000 | --SD | M] -- C:\Users\Bernd\AppData\Roaming\Microsoft
[2012.01.22 11:51:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\Mozilla
[2012.01.24 18:33:38 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\T-Online
[2012.03.16 08:05:24 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\TeamViewer
[2012.09.14 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\U3
[2012.10.03 00:32:14 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\vlc
[2012.08.08 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\WindSolutions
[2012.07.11 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2012.02.08 08:59:01 | 000,010,134 | R--- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
[2012.02.08 08:57:06 | 000,010,134 | R--- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Installer\{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}\ARPPRODUCTICON.exe
[2012.01.24 19:13:30 | 000,010,134 | R--- | M] () -- C:\Users\Bernd\AppData\Roaming\Microsoft\Installer\{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Bernd\AppData\Roaming\U3\temp\Launchpad Removal.exe
[2012.08.08 12:32:29 | 007,551,896 | ---- | M] (WindSolutions) -- C:\Users\Bernd\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2012.07.09 13:43:52 | 004,156,848 | ---- | M] (WindSolutions) -- C:\Users\Bernd\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2012.07.09 13:45:10 | 008,331,752 | ---- | M] (WindSolutions) -- C:\Users\Bernd\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2012.08.08 21:58:40 | 006,694,520 | ---- | M] (WindSolutions) -- C:\Users\Bernd\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransTuneSwift.exe
[2012.08.08 13:09:31 | 004,976,992 | ---- | M] (WindSolutions) -- C:\Users\Bernd\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\iLibs.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.02.22 03:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.02.22 03:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.02.22 03:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2012.01.22 04:17:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2012.01.22 04:17:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2012.01.22 04:17:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2012.01.21 15:52:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2012.01.21 15:52:37 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2012.01.23 15:22:58 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.01.23 15:22:58 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
< >
[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:23 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.04 05:52:14 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< End of report >
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.10.2012 19:52:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bernd\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,22% Memory free
6,23 Gb Paging File | 5,03 Gb Available in Paging File | 80,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 156,67 Gb Free Space | 70,33% Space Free | Partition Type: NTFS
Drive D: | 232,83 Gb Total Space | 88,12 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Computer Name: LANGBAUER-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-224231629-1705089913-2493866651-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0888C603-217D-47E3-BB0C-7EE03F5C2EFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FE13160-65AE-400E-9D3A-55008BC173FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{228E07D6-1D60-4EF4-AEAF-FE843BA4324F}" = lport=445 | protocol=6 | dir=in | app=system |
"{26A55C42-DDEA-4933-8B5D-CDB90FAE48C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{384656F5-7F39-4D06-A463-C85F2F49EC07}" = rport=139 | protocol=6 | dir=out | app=system |
"{3FB16AC2-0B55-4B83-A3D9-C6B408F7814B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{483CB6AE-D5D1-4C7B-9C12-12C519AB0BA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{70B9A6DA-9451-4E2F-93B7-B3BBFA885F12}" = rport=138 | protocol=17 | dir=out | app=system |
"{70BFE012-5D8D-4798-86F2-8352ED92F07C}" = lport=138 | protocol=17 | dir=in | app=system |
"{77DADD8B-4E91-45F4-8012-C8ABF277A0C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF9A5A9C-C38E-4A9A-A634-91257A1285EB}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FB3C60-34A9-478A-A695-ABBB3D464B34}" = protocol=6 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\d2ykvdhe.a2x\jjqmhegw.3mr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{4756E529-A971-46DF-860E-7F12836C8C10}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4BF7122B-6436-4A02-B00B-D5A0ADA6B77A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D55650D-54F3-4F14-A0FC-6A43D24ED554}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{582E7973-BCC4-411B-971E-99E4F9E20B88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{588C5763-F80B-4A09-B6EF-A87CCC208D9A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60048C5E-50E6-4DE9-A5A4-28CBD0A1BE48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F04323E-ED9A-4F9B-9F8C-DBAB7058EC79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{89AC897F-9245-4E00-AB7C-3C71944AD143}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{8DC824EA-192C-4FA0-81C9-82A47C4BFC67}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D3DE4B67-11EA-461A-B91E-3F2B9F2D0AFF}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{F55A8D93-0C77-4574-8CF5-19CCF707E8C4}" = protocol=17 | dir=in | app=c:\users\bernd\appdata\local\apps\2.0\d2ykvdhe.a2x\jjqmhegw.3mr\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{010AE555-28A0-486B-82F2-F5ABD3C6730B}" = Lexware business plus 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084732CF-79B7-40ED-814A-B49E81B14D6B}" = Lexware Elster
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{103C2CEA-0C40-44C2-A115-86A51AEBAA39}" = HSETU Energieberater Professional
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{164E3750-2271-4DCC-9B86-4A9CFD47A087}" = HS Verbrauchspass
"{16FB2E08-AE8E-40C6-8334-B6A59E264D05}" = Lexware Admintools Plus
"{1A2B3C4D-ABCD-EF01-701D-6789E1701D01}" = HSETU Heizlast 12831/2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571CC131-7C8F-4E6D-ACD0-84465DF9DA55}" = Lumac
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{900F386B-084E-4451-B734-E815EA74445F}" = Lexware kaufmann plus 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8033CB5-A8DF-47B3-BDE9-1796626994C6}" = Lexware faktura+auftrag 2012
"{E8788309-C0D0-46CD-8D77-1574D7F0B721}" = HSETU PV Quick
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"InstallShield_{571CC131-7C8F-4E6D-ACD0-84465DF9DA55}" = Lumac
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyTomTom" = MyTomTom 3.2.0.700
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"VLC media player" = VLC media player 2.0.3
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-224231629-1705089913-2493866651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.10.2012 11:48:36 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.10.2012 11:48:36 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11419
Error - 06.10.2012 11:48:36 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11419
Error - 06.10.2012 11:48:37 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.10.2012 11:48:37 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12433
Error - 06.10.2012 11:48:37 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12433
Error - 06.10.2012 11:48:38 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.10.2012 11:48:38 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13431
Error - 06.10.2012 11:48:38 | Computer Name = Langbauer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13431
Error - 07.10.2012 13:56:07 | Computer Name = Langbauer-PC | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 04.10.2012 03:41:06 | Computer Name = Langbauer-PC | Source = WinDefend | ID = 1008
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde von %%827 ein Fehler festgestellt. Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Rogue:Win32/Winwebsec&threatid=133077
Überprüfungs-ID:
{35EA3851-CA3B-448B-B3AD-C70AFB6C9576} Überprüfungstyp: %%802 Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Name:
Rogue:Win32/Winwebsec ID: 133077 Schweregrad-ID: 5 Kategorie-ID: 8 Pfad: Aktion: %%811
Fehlercode:
0x80508022 Fehlerbeschreibung: Sie müssen den Computer neu starten, um die Entfernung
der Spyware oder anderer potenziell unerwünschter Software abzuschließen.
Error - 04.10.2012 06:14:41 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker hp LaserJet 3015 PCL 5 nicht unter
dem Namen hp LaserJet 3015 PCL 5 freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 04.10.2012 06:15:39 | Computer Name = Langbauer-PC | Source = DCOM | ID = 10010
Description =
Error - 04.10.2012 06:37:29 | Computer Name = Langbauer-PC | Source = DCOM | ID = 10010
Description =
Error - 04.10.2012 07:40:09 | Computer Name = Langbauer-PC | Source = DCOM | ID = 10005
Description =
Error - 04.10.2012 07:40:17 | Computer Name = Langbauer-PC | Source = DCOM | ID = 10005
Description =
Error - 04.10.2012 07:40:23 | Computer Name = Langbauer-PC | Source = DCOM | ID = 10005
Description =
Error - 04.10.2012 07:40:52 | Computer Name = Langbauer-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 04.10.2012 07:40:52 | Computer Name = Langbauer-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 06.10.2012 11:29:00 | Computer Name = Langbauer-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker hp LaserJet 3015 PCL 5 nicht unter
dem Namen hp LaserJet 3015 PCL 5 freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
< End of report >
[/code] |
|
07.10.2012, 20:28
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..keyword.URL: "http://go.web.de/br/moz_keyurl_search/?su="
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\Shell - "" = AutoRun
O33 - MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
:Files
C:\Users\Bernd\AppData\Local\qodipbhk
C:\Users\Bernd\AppData\Local\cxxitugi
C:\Users\Bernd\AppData\Local\*.exe
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Bernd\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.10.2012, 20:44
| #27 |
| | System Progressive Protection Virus erledigt, hier das log Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "hxxp://go.web.de/br/moz_keyurl_search/?su=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d55b2e4-65cf-11e1-b162-001d0976423b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d55b2e4-65cf-11e1-b162-001d0976423b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d55b2e4-65cf-11e1-b162-001d0976423b}\ not found.
File M:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File M:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Users\Bernd\AppData\Local\qodipbhk moved successfully.
C:\Users\Bernd\AppData\Local\cxxitugi moved successfully.
File\Folder C:\Users\Bernd\AppData\Local\*.exe not found.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Bernd\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Users\Bernd\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Bernd\Downloads\cmd.bat deleted successfully.
C:\Users\Bernd\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bernd
->Temp folder emptied: 17568289 bytes
->Temporary Internet Files folder emptied: 3115762 bytes
->FireFox cache emptied: 65551698 bytes
->Flash cache emptied: 523 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2450966 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 602112 bytes
Total Files Cleaned = 85,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10072012_213340
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\HSETU\HSETUApplicationService.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET79EF.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
07.10.2012, 20:52
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.10.2012, 21:03
| #29 |
| | System Progressive Protection Virus Danke übrigens für Deine schnellen Antworten Code:
ATTFilter 21:56:27.0064 5456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:56:27.0392 5456 ============================================================
21:56:27.0392 5456 Current date / time: 2012/10/07 21:56:27.0392
21:56:27.0392 5456 SystemInfo:
21:56:27.0392 5456
21:56:27.0392 5456 OS Version: 6.0.6002 ServicePack: 2.0
21:56:27.0392 5456 Product type: Workstation
21:56:27.0393 5456 ComputerName: LANGBAUER-PC
21:56:27.0393 5456 UserName: Bernd
21:56:27.0393 5456 Windows directory: C:\Windows
21:56:27.0393 5456 System windows directory: C:\Windows
21:56:27.0393 5456 Processor architecture: Intel x86
21:56:27.0393 5456 Number of processors: 2
21:56:27.0393 5456 Page size: 0x1000
21:56:27.0393 5456 Boot type: Normal boot
21:56:27.0393 5456 ============================================================
21:56:27.0857 5456 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:56:27.0865 5456 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:56:27.0905 5456 ============================================================
21:56:27.0905 5456 \Device\Harddisk0\DR0:
21:56:27.0907 5456 MBR partitions:
21:56:27.0907 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
21:56:27.0907 5456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
21:56:27.0907 5456 \Device\Harddisk1\DR1:
21:56:27.0915 5456 MBR partitions:
21:56:27.0915 5456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8000
21:56:27.0915 5456 ============================================================
21:56:27.0943 5456 C: <-> \Device\Harddisk0\DR0\Partition2
21:56:27.0956 5456 D: <-> \Device\Harddisk1\DR1\Partition1
21:56:27.0982 5456 E: <-> \Device\Harddisk0\DR0\Partition1
21:56:27.0982 5456 ============================================================
21:56:27.0982 5456 Initialize success
21:56:27.0982 5456 ============================================================
21:57:55.0302 3028 ============================================================
21:57:55.0302 3028 Scan started
21:57:55.0302 3028 Mode: Manual; SigCheck; TDLFS;
21:57:55.0302 3028 ============================================================
21:57:55.0558 3028 ================ Scan system memory ========================
21:57:55.0558 3028 System memory - ok
21:57:55.0558 3028 ================ Scan services =============================
21:57:55.0732 3028 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:57:55.0835 3028 ACPI - ok
21:57:55.0898 3028 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:57:55.0910 3028 AdobeARMservice - ok
21:57:55.0993 3028 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:57:56.0006 3028 AdobeFlashPlayerUpdateSvc - ok
21:57:56.0027 3028 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:57:56.0049 3028 adp94xx - ok
21:57:56.0079 3028 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:57:56.0096 3028 adpahci - ok
21:57:56.0124 3028 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:57:56.0138 3028 adpu160m - ok
21:57:56.0183 3028 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:57:56.0197 3028 adpu320 - ok
21:57:56.0232 3028 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:57:56.0285 3028 AeLookupSvc - ok
21:57:56.0334 3028 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:57:56.0367 3028 AFD - ok
21:57:56.0398 3028 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:57:56.0410 3028 agp440 - ok
21:57:56.0432 3028 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:57:56.0444 3028 aic78xx - ok
21:57:56.0463 3028 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:57:56.0504 3028 ALG - ok
21:57:56.0536 3028 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys
21:57:56.0551 3028 aliide - ok
21:57:56.0596 3028 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:57:56.0609 3028 amdagp - ok
21:57:56.0625 3028 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys
21:57:56.0636 3028 amdide - ok
21:57:56.0662 3028 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:57:56.0718 3028 AmdK7 - ok
21:57:56.0733 3028 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:57:56.0800 3028 AmdK8 - ok
21:57:56.0854 3028 [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
21:57:56.0887 3028 AntiVirFirewallService - ok
21:57:56.0922 3028 [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:57:56.0937 3028 AntiVirMailService - ok
21:57:56.0994 3028 [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:57:57.0003 3028 AntiVirSchedulerService - ok
21:57:57.0028 3028 [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:57:57.0039 3028 AntiVirService - ok
21:57:57.0076 3028 [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:57:57.0094 3028 AntiVirWebService - ok
21:57:57.0126 3028 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:57:57.0155 3028 Appinfo - ok
21:57:57.0227 3028 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:57:57.0236 3028 Apple Mobile Device - ok
21:57:57.0292 3028 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
21:57:57.0332 3028 AppMgmt - ok
21:57:57.0352 3028 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
21:57:57.0364 3028 arc - ok
21:57:57.0386 3028 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:57:57.0398 3028 arcsas - ok
21:57:57.0433 3028 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:57:57.0456 3028 AsyncMac - ok
21:57:57.0481 3028 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:57:57.0493 3028 atapi - ok
21:57:57.0569 3028 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:57:57.0606 3028 AudioEndpointBuilder - ok
21:57:57.0627 3028 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:57:57.0647 3028 Audiosrv - ok
21:57:57.0684 3028 [ E6263CDD0EF3B98CFA2A251A21D8BE2E ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
21:57:57.0940 3028 avfwim - ok
21:57:57.0970 3028 [ 48929A52C039738C3193581F7FC483A5 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
21:57:57.0982 3028 avfwot - ok
21:57:58.0016 3028 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:57:58.0027 3028 avgntflt - ok
21:57:58.0042 3028 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:57:58.0055 3028 avipbb - ok
21:57:58.0063 3028 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:57:58.0073 3028 avkmgr - ok
21:57:58.0113 3028 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys
21:57:58.0132 3028 avmaudio - ok
21:57:58.0173 3028 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
21:57:58.0242 3028 BCM43XV - ok
21:57:58.0268 3028 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:57:58.0307 3028 Beep - ok
21:57:58.0344 3028 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:57:58.0379 3028 BFE - ok
21:57:58.0423 3028 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
21:57:58.0494 3028 BITS - ok
21:57:58.0499 3028 blbdrive - ok
21:57:58.0538 3028 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:57:58.0583 3028 Bonjour Service - ok
21:57:58.0604 3028 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:57:58.0634 3028 bowser - ok
21:57:58.0680 3028 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:57:58.0714 3028 BrFiltLo - ok
21:57:58.0730 3028 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:57:58.0764 3028 BrFiltUp - ok
21:57:58.0811 3028 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:57:58.0875 3028 Browser - ok
21:57:58.0909 3028 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:57:58.0964 3028 Brserid - ok
21:57:59.0000 3028 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:57:59.0074 3028 BrSerWdm - ok
21:57:59.0094 3028 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:57:59.0136 3028 BrUsbMdm - ok
21:57:59.0155 3028 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:57:59.0211 3028 BrUsbSer - ok
21:57:59.0247 3028 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:57:59.0281 3028 BthEnum - ok
21:57:59.0303 3028 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:57:59.0359 3028 BTHMODEM - ok
21:57:59.0402 3028 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:57:59.0437 3028 BthPan - ok
21:57:59.0481 3028 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:57:59.0517 3028 BTHPORT - ok
21:57:59.0566 3028 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
21:57:59.0591 3028 BthServ - ok
21:57:59.0616 3028 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:57:59.0642 3028 BTHUSB - ok
21:57:59.0679 3028 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:57:59.0715 3028 cdfs - ok
21:57:59.0753 3028 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:57:59.0785 3028 cdrom - ok
21:57:59.0822 3028 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:57:59.0859 3028 CertPropSvc - ok
21:57:59.0878 3028 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
21:57:59.0930 3028 circlass - ok
21:57:59.0965 3028 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:57:59.0981 3028 CLFS - ok
21:58:00.0031 3028 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:58:00.0066 3028 clr_optimization_v2.0.50727_32 - ok
21:58:00.0128 3028 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:58:00.0148 3028 clr_optimization_v4.0.30319_32 - ok
21:58:00.0172 3028 [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:58:00.0185 3028 cmdide - ok
21:58:00.0213 3028 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:58:00.0225 3028 Compbatt - ok
21:58:00.0234 3028 COMSysApp - ok
21:58:00.0262 3028 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:58:00.0274 3028 crcdisk - ok
21:58:00.0287 3028 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:58:00.0331 3028 Crusoe - ok
21:58:00.0402 3028 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:58:00.0432 3028 CryptSvc - ok
21:58:00.0467 3028 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
21:58:00.0513 3028 CSC - ok
21:58:00.0545 3028 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
21:58:00.0586 3028 CscService - ok
21:58:00.0650 3028 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:58:00.0701 3028 DcomLaunch - ok
21:58:00.0721 3028 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:58:00.0749 3028 DfsC - ok
21:58:00.0805 3028 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:58:00.0910 3028 DFSR - ok
21:58:00.0976 3028 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:58:01.0010 3028 Dhcp - ok
21:58:01.0106 3028 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:58:01.0140 3028 disk - ok
21:58:01.0193 3028 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:58:01.0238 3028 Dnscache - ok
21:58:01.0278 3028 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:58:01.0322 3028 dot3svc - ok
21:58:01.0346 3028 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:58:01.0394 3028 Dot4 - ok
21:58:01.0416 3028 [ A84D8A9006B1AE515CC7B6B3586C295A ] Dot4Scan C:\Windows\system32\DRIVERS\Dot4Scan.sys
21:58:01.0450 3028 Dot4Scan - ok
21:58:01.0475 3028 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:58:01.0511 3028 dot4usb - ok
21:58:01.0547 3028 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:58:01.0580 3028 DPS - ok
21:58:01.0610 3028 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:58:01.0628 3028 drmkaud - ok
21:58:01.0655 3028 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:58:01.0688 3028 DXGKrnl - ok
21:58:01.0716 3028 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:58:01.0772 3028 e1express - ok
21:58:01.0806 3028 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:58:01.0862 3028 E1G60 - ok
21:58:01.0897 3028 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:58:01.0942 3028 EapHost - ok
21:58:01.0981 3028 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:58:01.0997 3028 Ecache - ok
21:58:02.0014 3028 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:58:02.0033 3028 elxstor - ok
21:58:02.0083 3028 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:58:02.0129 3028 EMDMgmt - ok
21:58:02.0157 3028 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:58:02.0192 3028 EventSystem - ok
21:58:02.0226 3028 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:58:02.0241 3028 exfat - ok
21:58:02.0270 3028 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:58:02.0305 3028 fastfat - ok
21:58:02.0338 3028 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
21:58:02.0391 3028 Fax - ok
21:58:02.0416 3028 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:58:02.0447 3028 fdc - ok
21:58:02.0472 3028 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:58:02.0512 3028 fdPHost - ok
21:58:02.0539 3028 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:58:02.0589 3028 FDResPub - ok
21:58:02.0621 3028 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:58:02.0641 3028 FileInfo - ok
21:58:02.0659 3028 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:58:02.0697 3028 Filetrace - ok
21:58:02.0723 3028 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:58:02.0779 3028 flpydisk - ok
21:58:02.0809 3028 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:58:02.0827 3028 FltMgr - ok
21:58:02.0887 3028 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
21:58:02.0939 3028 FontCache - ok
21:58:02.0973 3028 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:58:02.0985 3028 FontCache3.0.0.0 - ok
21:58:03.0008 3028 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:58:03.0022 3028 Fs_Rec - ok
21:58:03.0049 3028 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:58:03.0062 3028 gagp30kx - ok
21:58:03.0083 3028 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:58:03.0093 3028 GEARAspiWDM - ok
21:58:03.0124 3028 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:58:03.0162 3028 gpsvc - ok
21:58:03.0208 3028 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:58:03.0225 3028 HdAudAddService - ok
21:58:03.0261 3028 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:58:03.0302 3028 HDAudBus - ok
21:58:03.0326 3028 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:58:03.0358 3028 HidBth - ok
21:58:03.0379 3028 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:58:03.0421 3028 HidIr - ok
21:58:03.0439 3028 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
21:58:03.0464 3028 hidserv - ok
21:58:03.0506 3028 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:58:03.0535 3028 HidUsb - ok
21:58:03.0557 3028 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:58:03.0591 3028 hkmsvc - ok
21:58:03.0615 3028 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:58:03.0636 3028 HpCISSs - ok
21:58:03.0906 3028 [ 286403F0D051F476A41163626EACE252 ] HSETUApplicationService C:\Program Files\HSETU\ApplicationService\ApplicationService.exe
21:58:04.0093 3028 HSETUApplicationService - ok
21:58:04.0186 3028 [ 4FF5EF622F3E087710A01038AFA817E5 ] HssTrayService C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
21:58:04.0208 3028 HssTrayService - ok
21:58:04.0263 3028 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:58:04.0329 3028 HTTP - ok
21:58:04.0359 3028 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:58:04.0371 3028 i2omp - ok
21:58:04.0402 3028 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:58:04.0440 3028 i8042prt - ok
21:58:04.0460 3028 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:58:04.0477 3028 iaStorV - ok
21:58:04.0519 3028 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:58:04.0573 3028 idsvc - ok
21:58:04.0612 3028 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:58:04.0635 3028 iirsp - ok
21:58:04.0657 3028 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:58:04.0692 3028 IKEEXT - ok
21:58:04.0715 3028 [ 1C60617D54BC9F035671A44B75D9F7CC ] intelide C:\Windows\system32\drivers\intelide.sys
21:58:04.0727 3028 intelide - ok
21:58:04.0743 3028 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:58:04.0782 3028 intelppm - ok
21:58:04.0814 3028 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:58:04.0848 3028 IPBusEnum - ok
21:58:04.0877 3028 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:04.0923 3028 IpFilterDriver - ok
21:58:04.0975 3028 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:58:04.0990 3028 iphlpsvc - ok
21:58:04.0995 3028 IpInIp - ok
21:58:05.0025 3028 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:58:05.0070 3028 IPMIDRV - ok
21:58:05.0127 3028 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:58:05.0177 3028 IPNAT - ok
21:58:05.0218 3028 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:58:05.0244 3028 iPod Service - ok
21:58:05.0280 3028 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:58:05.0327 3028 IRENUM - ok
21:58:05.0356 3028 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:58:05.0369 3028 isapnp - ok
21:58:05.0396 3028 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:58:05.0411 3028 iScsiPrt - ok
21:58:05.0437 3028 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:58:05.0449 3028 iteatapi - ok
21:58:05.0474 3028 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:58:05.0486 3028 iteraid - ok
21:58:05.0501 3028 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:05.0515 3028 kbdclass - ok
21:58:05.0542 3028 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:58:05.0571 3028 kbdhid - ok
21:58:05.0595 3028 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
21:58:05.0626 3028 KeyIso - ok
21:58:05.0654 3028 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:58:05.0678 3028 KSecDD - ok
21:58:05.0710 3028 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:58:05.0764 3028 KtmRm - ok
21:58:05.0809 3028 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
21:58:05.0830 3028 LanmanServer - ok
21:58:05.0881 3028 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:58:05.0910 3028 LanmanWorkstation - ok
21:58:05.0948 3028 [ D27DD0015DCECF445F229020D263392A ] LBTServ C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
21:58:05.0952 3028 LBTServ ( UnsignedFile.Multi.Generic ) - warning
21:58:05.0952 3028 LBTServ - detected UnsignedFile.Multi.Generic (1)
21:58:05.0990 3028 Lexware_Datenbank_Plus - ok
21:58:06.0003 3028 [ 597D79382C154CEDB638A65012925A23 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:58:06.0018 3028 LHidFilt - ok
21:58:06.0063 3028 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:58:06.0098 3028 lltdio - ok
21:58:06.0125 3028 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:58:06.0161 3028 lltdsvc - ok
21:58:06.0186 3028 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:58:06.0229 3028 lmhosts - ok
21:58:06.0252 3028 [ 9EAD053D28182BD6ACB19D5F58202194 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:58:06.0262 3028 LMouFilt - ok
21:58:06.0289 3028 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:58:06.0328 3028 LSI_FC - ok
21:58:06.0363 3028 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:58:06.0394 3028 LSI_SAS - ok
21:58:06.0436 3028 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:58:06.0448 3028 LSI_SCSI - ok
21:58:06.0478 3028 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:58:06.0546 3028 luafv - ok
21:58:06.0579 3028 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:58:06.0591 3028 MBAMProtector - ok
21:58:06.0656 3028 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:58:06.0673 3028 MBAMScheduler - ok
21:58:06.0702 3028 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:58:06.0766 3028 MBAMService - ok
21:58:06.0793 3028 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
21:58:06.0805 3028 megasas - ok
21:58:06.0822 3028 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:58:06.0862 3028 MMCSS - ok
21:58:06.0890 3028 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:58:06.0914 3028 Modem - ok
21:58:06.0938 3028 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:58:06.0969 3028 monitor - ok
21:58:06.0988 3028 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:58:07.0000 3028 mouclass - ok
21:58:07.0014 3028 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:58:07.0047 3028 mouhid - ok
21:58:07.0070 3028 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:58:07.0094 3028 MountMgr - ok
21:58:07.0176 3028 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:58:07.0195 3028 MozillaMaintenance - ok
21:58:07.0256 3028 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
21:58:07.0268 3028 mpio - ok
21:58:07.0297 3028 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:58:07.0344 3028 mpsdrv - ok
21:58:07.0445 3028 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:58:07.0483 3028 MpsSvc - ok
21:58:07.0537 3028 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:58:07.0549 3028 Mraid35x - ok
21:58:07.0570 3028 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:58:07.0601 3028 MRxDAV - ok
21:58:07.0629 3028 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:07.0657 3028 mrxsmb - ok
21:58:07.0676 3028 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:07.0705 3028 mrxsmb10 - ok
21:58:07.0710 3028 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:07.0732 3028 mrxsmb20 - ok
21:58:07.0761 3028 [ F0EC3A4E0693A34B148723B4DA31668C ] msahci C:\Windows\system32\drivers\msahci.sys
21:58:07.0772 3028 msahci - ok
21:58:07.0799 3028 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:58:07.0809 3028 msdsm - ok
21:58:07.0833 3028 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:58:07.0871 3028 MSDTC - ok
21:58:07.0904 3028 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:58:07.0945 3028 Msfs - ok
21:58:07.0971 3028 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:58:07.0990 3028 msisadrv - ok
21:58:08.0017 3028 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:58:08.0042 3028 MSiSCSI - ok
21:58:08.0047 3028 msiserver - ok
21:58:08.0083 3028 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:58:08.0107 3028 MSKSSRV - ok
21:58:08.0132 3028 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:08.0161 3028 MSPCLOCK - ok
21:58:08.0191 3028 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:58:08.0212 3028 MSPQM - ok
21:58:08.0282 3028 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:58:08.0295 3028 MsRPC - ok
21:58:08.0354 3028 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:58:08.0365 3028 mssmbios - ok
21:58:08.0387 3028 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:58:08.0417 3028 MSTEE - ok
21:58:08.0451 3028 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:58:08.0475 3028 Mup - ok
21:58:08.0502 3028 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:58:08.0534 3028 napagent - ok
21:58:08.0563 3028 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:58:08.0587 3028 NativeWifiP - ok
21:58:08.0611 3028 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:58:08.0648 3028 NDIS - ok
21:58:08.0688 3028 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:08.0708 3028 NdisTapi - ok
21:58:08.0737 3028 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:08.0779 3028 Ndisuio - ok
21:58:08.0807 3028 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:08.0846 3028 NdisWan - ok
21:58:08.0885 3028 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:58:08.0941 3028 NDProxy - ok
21:58:08.0995 3028 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:58:09.0000 3028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:09.0000 3028 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:09.0044 3028 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:58:09.0084 3028 NetBIOS - ok
21:58:09.0165 3028 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:58:09.0207 3028 netbt - ok
21:58:09.0219 3028 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:58:09.0232 3028 Netlogon - ok
21:58:09.0297 3028 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:58:09.0406 3028 Netman - ok
21:58:09.0443 3028 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:58:09.0470 3028 netprofm - ok
21:58:09.0497 3028 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:58:09.0511 3028 NetTcpPortSharing - ok
21:58:09.0539 3028 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:58:09.0551 3028 nfrd960 - ok
21:58:09.0570 3028 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:58:09.0617 3028 NlaSvc - ok
21:58:09.0669 3028 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:58:09.0725 3028 Npfs - ok
21:58:09.0747 3028 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:58:09.0803 3028 nsi - ok
21:58:09.0828 3028 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:58:09.0893 3028 nsiproxy - ok
21:58:10.0004 3028 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:58:10.0064 3028 Ntfs - ok
21:58:10.0090 3028 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:58:10.0233 3028 ntrigdigi - ok
21:58:10.0269 3028 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:58:10.0293 3028 Null - ok
21:58:10.0597 3028 [ 671C58CC8DADFE2903207F299CE7A0E1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:58:10.0901 3028 nvlddmkm - ok
21:58:10.0928 3028 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:58:10.0963 3028 nvraid - ok
21:58:10.0978 3028 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:58:11.0004 3028 nvstor - ok
21:58:11.0026 3028 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:58:11.0038 3028 nv_agp - ok
21:58:11.0042 3028 NwlnkFlt - ok
21:58:11.0047 3028 NwlnkFwd - ok
21:58:11.0103 3028 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:58:11.0123 3028 odserv - ok
21:58:11.0155 3028 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:58:11.0200 3028 ohci1394 - ok
21:58:11.0224 3028 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:11.0235 3028 ose - ok
21:58:11.0272 3028 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:58:11.0345 3028 p2pimsvc - ok
21:58:11.0371 3028 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:58:11.0398 3028 p2psvc - ok
21:58:11.0428 3028 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:58:11.0480 3028 Parport - ok
21:58:11.0504 3028 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:58:11.0535 3028 partmgr - ok
21:58:11.0577 3028 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:58:11.0664 3028 Parvdm - ok
21:58:11.0705 3028 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:58:11.0765 3028 PcaSvc - ok
21:58:11.0797 3028 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:58:11.0815 3028 pci - ok
21:58:11.0842 3028 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
21:58:11.0856 3028 pciide - ok
21:58:11.0879 3028 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:58:11.0894 3028 pcmcia - ok
21:58:11.0949 3028 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:58:12.0078 3028 PEAUTH - ok
21:58:12.0263 3028 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:58:12.0350 3028 pla - ok
21:58:12.0382 3028 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:58:12.0421 3028 PlugPlay - ok
21:58:12.0445 3028 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:58:12.0466 3028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:12.0466 3028 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:12.0497 3028 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:58:12.0531 3028 PNRPAutoReg - ok
21:58:12.0630 3028 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:58:12.0657 3028 PNRPsvc - ok
21:58:12.0685 3028 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:58:12.0751 3028 PolicyAgent - ok
21:58:12.0780 3028 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:58:12.0815 3028 PptpMiniport - ok
21:58:12.0843 3028 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
21:58:12.0909 3028 Processor - ok
21:58:12.0946 3028 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:58:12.0977 3028 ProfSvc - ok
21:58:12.0991 3028 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:58:13.0005 3028 ProtectedStorage - ok
21:58:13.0027 3028 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:58:13.0057 3028 PSched - ok
21:58:13.0174 3028 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:58:13.0259 3028 ql2300 - ok
21:58:13.0293 3028 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:58:13.0319 3028 ql40xx - ok
21:58:13.0374 3028 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:58:13.0413 3028 QWAVE - ok
21:58:13.0437 3028 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:58:13.0462 3028 QWAVEdrv - ok
21:58:13.0500 3028 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:58:13.0537 3028 RasAcd - ok
21:58:13.0559 3028 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:58:13.0614 3028 RasAuto - ok
21:58:13.0654 3028 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:58:13.0689 3028 Rasl2tp - ok
21:58:13.0724 3028 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:58:13.0748 3028 RasMan - ok
21:58:13.0767 3028 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:58:13.0804 3028 RasPppoe - ok
21:58:13.0831 3028 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:58:13.0845 3028 RasSstp - ok
21:58:13.0868 3028 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:58:13.0902 3028 rdbss - ok
21:58:13.0923 3028 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:58:13.0959 3028 RDPCDD - ok
21:58:14.0009 3028 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
21:58:14.0066 3028 rdpdr - ok
21:58:14.0076 3028 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:58:14.0101 3028 RDPENCDD - ok
21:58:14.0153 3028 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:58:14.0186 3028 RDPWD - ok
21:58:14.0210 3028 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:58:14.0237 3028 RemoteAccess - ok
21:58:14.0266 3028 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:58:14.0309 3028 RemoteRegistry - ok
21:58:14.0350 3028 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:58:14.0379 3028 RFCOMM - ok
21:58:14.0411 3028 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:58:14.0474 3028 RpcLocator - ok
21:58:14.0528 3028 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:58:14.0556 3028 RpcSs - ok
21:58:14.0585 3028 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:58:14.0611 3028 rspndr - ok
21:58:14.0624 3028 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:58:14.0638 3028 SamSs - ok
21:58:14.0662 3028 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:58:14.0675 3028 sbp2port - ok
21:58:14.0697 3028 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:58:14.0769 3028 SCardSvr - ok
21:58:14.0814 3028 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:58:14.0945 3028 Schedule - ok
21:58:14.0964 3028 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:58:14.0983 3028 SCPolicySvc - ok
21:58:15.0025 3028 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:58:15.0075 3028 SDRSVC - ok
21:58:15.0116 3028 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:58:15.0172 3028 secdrv - ok
21:58:15.0214 3028 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:58:15.0240 3028 seclogon - ok
21:58:15.0270 3028 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:58:15.0305 3028 SENS - ok
21:58:15.0344 3028 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:58:15.0388 3028 Serenum - ok
21:58:15.0406 3028 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:58:15.0462 3028 Serial - ok
21:58:15.0491 3028 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:58:15.0517 3028 sermouse - ok
21:58:15.0548 3028 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:58:15.0575 3028 SessionEnv - ok
21:58:15.0593 3028 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:58:15.0660 3028 sffdisk - ok
21:58:15.0669 3028 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:58:15.0711 3028 sffp_mmc - ok
21:58:15.0723 3028 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:58:15.0762 3028 sffp_sd - ok
21:58:15.0779 3028 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:58:15.0810 3028 sfloppy - ok
21:58:15.0831 3028 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:58:15.0870 3028 SharedAccess - ok
21:58:15.0918 3028 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:58:15.0944 3028 ShellHWDetection - ok
21:58:15.0963 3028 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:58:15.0974 3028 sisagp - ok
21:58:15.0986 3028 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:58:15.0998 3028 SiSRaid2 - ok
21:58:16.0009 3028 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:58:16.0022 3028 SiSRaid4 - ok
21:58:16.0113 3028 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:58:16.0231 3028 slsvc - ok
21:58:16.0259 3028 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:58:16.0296 3028 SLUINotify - ok
21:58:16.0326 3028 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:58:16.0346 3028 Smb - ok
21:58:16.0371 3028 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:58:16.0385 3028 SNMPTRAP - ok
21:58:16.0442 3028 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:58:16.0467 3028 spldr - ok
21:58:16.0498 3028 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:58:16.0536 3028 Spooler - ok
21:58:16.0565 3028 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:58:16.0595 3028 srv - ok
21:58:16.0669 3028 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:58:16.0711 3028 srv2 - ok
21:58:16.0725 3028 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:58:16.0770 3028 srvnet - ok
21:58:16.0795 3028 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:58:16.0837 3028 SSDPSRV - ok
21:58:16.0862 3028 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:58:16.0883 3028 ssmdrv - ok
21:58:16.0914 3028 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:58:16.0939 3028 SstpSvc - ok
21:58:17.0058 3028 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:58:17.0097 3028 stisvc - ok
21:58:17.0113 3028 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:58:17.0126 3028 swenum - ok
21:58:17.0147 3028 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:58:17.0181 3028 swprv - ok
21:58:17.0197 3028 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:58:17.0209 3028 Symc8xx - ok
21:58:17.0219 3028 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:58:17.0229 3028 Sym_hi - ok
21:58:17.0242 3028 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:58:17.0252 3028 Sym_u3 - ok
21:58:17.0284 3028 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:58:17.0309 3028 SysMain - ok
21:58:17.0333 3028 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:58:17.0388 3028 TabletInputService - ok
21:58:17.0410 3028 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
21:58:17.0419 3028 taphss - ok
21:58:17.0442 3028 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:58:17.0477 3028 TapiSrv - ok
21:58:17.0497 3028 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:58:17.0521 3028 TBS - ok
21:58:17.0562 3028 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:58:17.0609 3028 Tcpip - ok
21:58:17.0663 3028 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:58:17.0695 3028 Tcpip6 - ok
21:58:17.0734 3028 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:58:17.0761 3028 tcpipreg - ok
21:58:17.0787 3028 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:58:17.0811 3028 TDPIPE - ok
21:58:17.0828 3028 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:58:17.0867 3028 TDTCP - ok
21:58:17.0891 3028 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:58:17.0926 3028 tdx - ok
21:58:17.0944 3028 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:58:17.0959 3028 TermDD - ok
21:58:17.0988 3028 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:58:18.0023 3028 TermService - ok
21:58:18.0059 3028 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:58:18.0075 3028 Themes - ok
21:58:18.0083 3028 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:58:18.0108 3028 THREADORDER - ok
21:58:18.0130 3028 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:58:18.0158 3028 TrkWks - ok
21:58:18.0199 3028 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:58:18.0225 3028 TrustedInstaller - ok
21:58:18.0256 3028 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:58:18.0277 3028 tssecsrv - ok
21:58:18.0303 3028 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:58:18.0314 3028 tunmp - ok
21:58:18.0336 3028 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:58:18.0360 3028 tunnel - ok
21:58:18.0384 3028 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:58:18.0396 3028 uagp35 - ok
21:58:18.0417 3028 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:58:18.0453 3028 udfs - ok
21:58:18.0476 3028 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:58:18.0499 3028 UI0Detect - ok
21:58:18.0510 3028 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:58:18.0521 3028 uliagpkx - ok
21:58:18.0533 3028 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:58:18.0548 3028 uliahci - ok
21:58:18.0560 3028 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:58:18.0572 3028 UlSata - ok
21:58:18.0580 3028 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:58:18.0592 3028 ulsata2 - ok
21:58:18.0618 3028 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:58:18.0643 3028 umbus - ok
21:58:18.0674 3028 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
21:58:18.0701 3028 UmRdpService - ok
21:58:18.0721 3028 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:58:18.0751 3028 upnphost - ok
21:58:18.0769 3028 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:58:18.0774 3028 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:58:18.0774 3028 USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:58:18.0796 3028 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:58:18.0816 3028 usbccgp - ok
21:58:18.0845 3028 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:58:18.0900 3028 usbcir - ok
21:58:18.0927 3028 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:58:18.0961 3028 usbehci - ok
21:58:18.0987 3028 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:58:19.0019 3028 usbhub - ok
21:58:19.0041 3028 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:58:19.0095 3028 usbohci - ok
21:58:19.0124 3028 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:58:19.0159 3028 usbprint - ok
21:58:19.0182 3028 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:58:19.0210 3028 USBSTOR - ok
21:58:19.0240 3028 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:58:19.0271 3028 usbuhci - ok
21:58:19.0304 3028 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
21:58:19.0324 3028 usb_rndisx - ok
21:58:19.0344 3028 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:58:19.0382 3028 UxSms - ok
21:58:19.0450 3028 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:58:19.0509 3028 vds - ok
21:58:19.0531 3028 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:58:19.0558 3028 vga - ok
21:58:19.0581 3028 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:58:19.0617 3028 VgaSave - ok
21:58:19.0642 3028 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:58:19.0664 3028 viaagp - ok
21:58:19.0678 3028 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:58:19.0735 3028 ViaC7 - ok
21:58:19.0763 3028 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
21:58:19.0774 3028 viaide - ok
21:58:19.0785 3028 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:58:19.0798 3028 volmgr - ok
21:58:19.0834 3028 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:58:19.0876 3028 volmgrx - ok
21:58:19.0921 3028 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:58:19.0960 3028 volsnap - ok
21:58:19.0986 3028 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:58:20.0004 3028 vsmraid - ok
21:58:20.0045 3028 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:58:20.0082 3028 VSS - ok
21:58:20.0130 3028 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:58:20.0170 3028 W32Time - ok
21:58:20.0189 3028 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:58:20.0251 3028 WacomPen - ok
21:58:20.0291 3028 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:58:20.0312 3028 Wanarp - ok
21:58:20.0324 3028 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:58:20.0344 3028 Wanarpv6 - ok
21:58:20.0393 3028 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
21:58:20.0450 3028 wbengine - ok
21:58:20.0488 3028 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:58:20.0511 3028 wcncsvc - ok
21:58:20.0528 3028 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:58:20.0564 3028 WcsPlugInService - ok
21:58:20.0596 3028 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
21:58:20.0608 3028 Wd - ok
21:58:20.0642 3028 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:58:20.0677 3028 Wdf01000 - ok
21:58:20.0701 3028 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:58:20.0728 3028 WdiServiceHost - ok
21:58:20.0734 3028 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:58:20.0761 3028 WdiSystemHost - ok
21:58:20.0792 3028 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:58:20.0809 3028 WebClient - ok
21:58:20.0857 3028 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:58:20.0904 3028 Wecsvc - ok
21:58:20.0943 3028 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:58:20.0977 3028 wercplsupport - ok
21:58:21.0010 3028 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:58:21.0049 3028 WerSvc - ok
21:58:21.0093 3028 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:58:21.0123 3028 WinDefend - ok
21:58:21.0128 3028 WinHttpAutoProxySvc - ok
21:58:21.0263 3028 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:58:21.0284 3028 Winmgmt - ok
21:58:21.0323 3028 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:58:21.0379 3028 WinRM - ok
21:58:21.0485 3028 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:58:21.0531 3028 Wlansvc - ok
21:58:21.0566 3028 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:58:21.0627 3028 WmiAcpi - ok
21:58:21.0658 3028 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:58:21.0687 3028 wmiApSrv - ok
21:58:21.0740 3028 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:58:21.0790 3028 WMPNetworkSvc - ok
21:58:21.0884 3028 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:58:21.0947 3028 WPDBusEnum - ok
21:58:22.0069 3028 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:58:22.0082 3028 WpdUsb - ok
21:58:22.0216 3028 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:58:22.0256 3028 WPFFontCache_v0400 - ok
21:58:22.0271 3028 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:58:22.0303 3028 ws2ifsl - ok
21:58:22.0345 3028 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
21:58:22.0372 3028 wscsvc - ok
21:58:22.0376 3028 WSearch - ok
21:58:22.0605 3028 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:58:22.0665 3028 wuauserv - ok
21:58:22.0734 3028 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:58:22.0760 3028 WUDFRd - ok
21:58:22.0785 3028 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:58:22.0812 3028 wudfsvc - ok
21:58:22.0823 3028 ================ Scan global ===============================
21:58:22.0861 3028 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:58:22.0979 3028 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:58:23.0038 3028 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:58:23.0107 3028 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:58:23.0111 3028 [Global] - ok
21:58:23.0111 3028 ================ Scan MBR ==================================
21:58:23.0131 3028 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:58:23.0697 3028 \Device\Harddisk0\DR0 - ok
21:58:23.0706 3028 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
21:58:23.0759 3028 \Device\Harddisk1\DR1 - ok
21:58:23.0759 3028 ================ Scan VBR ==================================
21:58:23.0770 3028 [ DAFC158D3394504D27A10B6566633CA6 ] \Device\Harddisk0\DR0\Partition1
21:58:23.0771 3028 \Device\Harddisk0\DR0\Partition1 - ok
21:58:23.0785 3028 [ 7D9B0471D12DD54E307DFC465984837C ] \Device\Harddisk0\DR0\Partition2
21:58:23.0786 3028 \Device\Harddisk0\DR0\Partition2 - ok
21:58:23.0809 3028 [ AB65A28748ACEDAD568C9D4523D0EF32 ] \Device\Harddisk1\DR1\Partition1
21:58:23.0811 3028 \Device\Harddisk1\DR1\Partition1 - ok
21:58:23.0811 3028 ============================================================
21:58:23.0811 3028 Scan finished
21:58:23.0811 3028 ============================================================
21:58:23.0824 4660 Detected object count: 4
21:58:23.0824 4660 Actual detected object count: 4
22:00:13.0165 4660 LBTServ ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:13.0165 4660 LBTServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:13.0167 4660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:13.0167 4660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:13.0168 4660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:13.0168 4660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:00:13.0170 4660 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:00:13.0170 4660 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
07.10.2012, 21:12
| #30 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Progressive Protection Virus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu System Progressive Protection Virus |
| anwenden, avira, ebook, eingefangen, forum, funde, gefangen, gen, inter, interne, internet, keinerlei, laufe, laufen, mbam, notebook, programm, progressive, progressive protection, protection, rechte, stick, system, system progressive protection, virus, virus eingefangen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
