rkit/agent.36864.5

bevaupe · 06.10.2012, 16:28

Hallo liebe Gemeinde,
ich brauche Hilfe!
Mein Rechner ist seit heute ultralangsam. Antivir hat den Trojaner rkit/agent.36864.5 an vier Stellen gefunden. Per HijackThis habe ich folgende Log-Datei erstellt: (schon mal danke und viele Grüße)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:18:59, on 06.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\bevaupe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\taskmgr.exe
D:\Eigene Dateien\zdownloads\tools\viren, trojaner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110187&tt=120912_ccp_3812_2&babsrc=HP_ss&mntrId=98c3f0a7000000000000001cc04d1694
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Dropbox.lnk = bevaupe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Desktop Utilities Service (IduService) - Intel(R) Corporation - C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8569 bytes

Chris4You · 06.10.2012, 19:00

Hi,

mit HJ kommen wir da nicht weiter...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Boote in den abgesicherten Modus mit Netzwerkunterstützung (F8 beim Booten).
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten...

chris

bevaupe · 07.10.2012, 15:47

Hallo Chris,
ich weiß nicht, ob ich Dich richtig verstanden habe - soll ich ALLES machen, was Du gepostet hast oder sind das Alternativen? Ich habe jedenfalls mal deinen ersten Vorschlag befolgt (malwarebytes), hier ist das Logfile:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16443
be :: BE [Administrator]

Schutz: Aktiviert

07.10.2012 13:06:16
mbam-log-2012-10-07 (13-06-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 593969
Laufzeit: 3 Stunde(n), 13 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEYU0MOO\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
D:\Eigene Dateien\zdownloads\adobe\Photoshop\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Eigene Dateien 2012-04-13\zdownloads\adobe\Photoshop\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Eigene Dateien 2012-03-02\zdownloads\adobe\Photoshop\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\eigene Dateien 4-02-2012\zdownloads\adobe\Photoshop\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You · 08.10.2012, 06:53

Hi,

nein, sind keine Alternativen, sondern n acheinander durchzuführen.

Allerdings verwendest Du gecrackte SW, d.h. es geht hier nicht weiter...
G:\Eigene Dateien 2012-03-02\zdownloads\adobe\Photoshop\Adobe Photoshop CS3 Extended-Version (Deutsch)\KeyGen\Keygen.exe
->http://www.trojaner-board.de/95394-c...-software.html

chris

bevaupe · 11.10.2012, 13:21

Hallo Chris,
tut mir leid, das war noch eine olle Leiche, die ich jetzt gelöscht habe (und die ich natürlich auch nicht installiert hatte, denn ich habe eine gültige Lizenz von CS5 auf dem Rechner).
Ich hoffe, Du bist immer noch bereit, mir zu helfen! Hier kommen die Logfiles.
Grüße und Danke!

---------------------
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16443
be :: BE [Administrator]

Schutz: Aktiviert

08.10.2012 14:23:13
mbam-log-2012-10-08 (14-23-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 594563
Laufzeit: 3 Stunde(n), 23 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\bevaupe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEYU0MOO\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)

---------------------------OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.10.2012 22:32:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\be\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,63% Memory free
3,91 Gb Paging File | 2,38 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 48,71 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive D: | 152,54 Gb Total Space | 57,56 Gb Free Space | 37,74% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 158,11 Gb Free Space | 64,76% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 39,47 Gb Free Space | 17,81% Space Free | Partition Type: NTFS
 
Computer Name: BE | User Name: be | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\be\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\be\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel Desktop Utilities\iptray.exe (Intel(R) Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\BrowserManager-15.0.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Seagate\DiscWizard\tishell.dll ()
MOD - C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe ()
MOD - C:\Programme\Seagate\DiscWizard\Common\rpc_client.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SgtSch2Svc) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IduService) -- C:\Programme\Intel\Intel Desktop Utilities\iduServ.exe (Intel(R) Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (osaio) -- C:\Windows\System32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110187&tt=120912_ccp_3812_2&babsrc=HP_ss&mntrId=98c3f0a7000000000000001cc04d1694
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110187&tt=120912_ccp_3812_2&babsrc=HP_ss&mntrId=98c3f0a7000000000000001cc04d1694
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F DE B8 03 7D 19 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110187&tt=120912_ccp_3812_2&babsrc=SP_ss&mntrId=98c3f0a7000000000000001cc04d1694
IE - HKCU\..\SearchScopes\{A0725B47-709B-47E0-B94D-A71AD2B19171}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2737658&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.faz.de"
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 12:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.23 18:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.21 16:44:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 12:16:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.13 16:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\be\AppData\Roaming\mozilla\Extensions
[2012.09.21 18:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\be\AppData\Roaming\mozilla\Firefox\Profiles\yaqso63v.default\extensions
[2012.08.30 17:40:52 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\be\AppData\Roaming\mozilla\firefox\profiles\yaqso63v.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.09.08 12:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.21 16:44:41 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012.09.08 12:16:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.21 16:44:27 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.01 14:12:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Programme\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\be\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\be\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFBEE3DB-CB46-470C-8E87-C09F38322B98}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 22:30:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\be\Desktop\OTL.exe
[2012.10.10 14:23:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 14:23:35 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 14:23:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 14:23:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 14:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 14:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 14:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 14:23:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 14:23:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 14:23:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 14:23:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 14:23:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 14:23:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 14:23:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 14:23:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 14:23:20 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 14:23:20 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.07 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\Malwarebytes
[2012.10.07 13:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 13:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 13:02:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.07 13:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 15:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontLab
[2012.10.03 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\be\Documents\FontLab
[2012.10.03 15:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\FontLab
[2012.09.26 14:24:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.24 15:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 15:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.23 03:01:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.23 03:01:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.23 03:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.23 03:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.23 03:01:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.23 03:01:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.23 03:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.23 03:00:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.21 18:09:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.21 16:45:49 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\TuneUp Software
[2012.09.21 16:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.09.21 16:45:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.09.21 16:45:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.21 16:44:48 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\BabylonToolbar
[2012.09.21 16:44:46 | 000,000,000 | ---D | C] -- C:\Users\be\Start Menu
[2012.09.21 16:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.09.21 16:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.09.21 16:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.09.21 16:44:26 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\Babylon
[2012.09.21 16:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.09.21 14:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.20 19:03:46 | 000,000,000 | R--D | C] -- C:\Users\be\Dropbox
[2012.09.20 19:02:02 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.09.20 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\be\AppData\Roaming\Dropbox
[2012.09.12 17:59:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 17:59:30 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.12 17:59:30 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 17:59:30 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 22:31:03 | 000,015,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:31:03 | 000,015,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:30:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\be\Desktop\OTL.exe
[2012.10.10 22:28:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 22:28:13 | 1574,195,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 21:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.09 17:28:18 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.09 17:28:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.08 17:32:59 | 000,001,456 | ---- | M] () -- C:\Users\be\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.10.03 17:14:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.10.03 17:14:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.09.26 14:48:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.26 14:48:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.26 14:48:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.26 14:48:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.24 15:15:04 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.21 16:44:39 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.09.21 16:44:38 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.21 14:38:05 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.20 19:03:46 | 000,001,048 | ---- | M] () -- C:\Users\be\Desktop\Dropbox.lnk
[2012.09.20 19:02:10 | 000,001,058 | ---- | M] () -- C:\Users\be\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.15 12:48:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files Created - No Company Name ==========
 
[2012.10.03 17:14:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.10.03 17:14:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.09.24 15:15:04 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.21 16:44:36 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.20 19:03:46 | 000,001,048 | ---- | C] () -- C:\Users\be\Desktop\Dropbox.lnk
[2012.09.20 19:02:10 | 000,001,058 | ---- | C] () -- C:\Users\be\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.09.15 12:48:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.20 18:47:20 | 000,000,132 | ---- | C] () -- C:\Users\be\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.25 14:50:26 | 000,000,132 | ---- | C] () -- C:\Users\be\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012.06.09 14:42:22 | 000,000,132 | ---- | C] () -- C:\Users\be\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.05.06 09:24:48 | 000,001,456 | ---- | C] () -- C:\Users\be\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.04.15 09:09:15 | 000,125,952 | ---- | C] () -- C:\Windows\System32\ZLhp2600.DLL
[2012.04.13 16:03:25 | 000,011,129 | ---- | C] () -- C:\Users\be\gsview32.ini
[2011.03.17 19:57:18 | 000,337,920 | ---- | C] () -- C:\Windows\System32\ZSHP2600.EXE
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

--- --- ---
-----------------------------------------------

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.10.2012 22:32:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\be\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,95 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,63% Memory free
3,91 Gb Paging File | 2,38 Gb Available in Paging File | 60,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 48,71 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
Drive D: | 152,54 Gb Total Space | 57,56 Gb Free Space | 37,74% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 158,11 Gb Free Space | 64,76% Space Free | Partition Type: NTFS
Drive G: | 221,62 Gb Total Space | 39,47 Gb Free Space | 17,81% Space Free | Partition Type: NTFS
 
Computer Name: BE | User Name: be | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19653FDD-E78F-4A4A-8A19-9B6A3A931EA3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C5848F0-5D85-4E6B-B38E-A84C0711CD81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39BC5D65-0537-459E-96B0-0E80BE93DCB7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3AE21A57-2531-4ADB-BD2E-55147CEA6F21}" = lport=139 | protocol=6 | dir=in | app=system | 
"{44D7D393-20A1-46F5-8BEC-FB961A967A61}" = rport=139 | protocol=6 | dir=out | app=system | 
"{48A13E4D-9AB7-45BD-9007-6EF15500CA27}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DDDCC9A-7D8B-4C02-B11F-7FEFF17AB2CA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{61997CB8-B9C5-46E3-BC52-1DF85A528810}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7087175B-D762-4813-BF6B-EDFA79964D34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7927C777-D3AC-4244-85E8-91023FCAA07C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E1FC90B-B3A4-4AE6-9F22-F168FC5CD331}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95174634-484A-4DCA-9420-04C35C456CDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{967149EE-5DB5-46D1-B3AB-6D623A78BB48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2AF8C60-0638-4062-B786-9481C9A4BF9E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A7972197-35AC-40E7-9873-55E4DE191B3B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA57BA1C-2C9B-4D25-9E4A-A70D311CE29E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAA22575-7C46-4F0E-9671-0619652AAA86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFBE9ACE-88AA-4887-939D-7F1BCEF67743}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D97EB69F-2C55-4C5E-BA65-53280B7426FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DCA5E81E-6914-45F0-B03F-68511601D7A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E760B0F1-7862-4F72-8AD1-E60AF5839533}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E921F463-8A2D-4208-BCA7-EFB5B54BAECF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EBD0FECD-3FDD-4822-8027-8B59445B3C08}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002C2C66-17DB-4B15-9B1F-D8DFBBA20DEF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{31562CF3-10FC-40EE-85BA-C7F43D34D832}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E7F2653-89B9-4322-BC80-E23BD05340CE}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{513A9781-4678-4223-964D-BDD436351919}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6D527B2E-BDDF-4264-8DB1-8AC5DF3BEBBC}" = protocol=17 | dir=in | app=c:\users\be\appdata\roaming\dropbox\bin\dropbox.exe | 
"{75C1B91E-8462-423F-AB05-A012DD0DB3A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B823326-D1A0-4350-B7CA-72561DFC057B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0D8748A-AC3C-46BD-9E9A-B1AEFD86C7DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3667A76-41EA-4CBF-B70A-F5DDEC5B776B}" = protocol=6 | dir=out | app=system | 
"{A82CF210-DC3E-4537-909B-91DC7DEC502F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD629368-A925-494F-80A3-4461701FC1C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF6BD625-9D61-4973-A6E4-C3468D1F9277}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B1AF5E07-6823-431B-8180-485CFD572622}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0924184-870E-4724-8588-D99F476A37E0}" = protocol=6 | dir=in | app=c:\users\be\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C2CE37F0-DD4E-4C60-9241-B5C14006088F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8DD0AF1-DEE1-41F0-BF2D-C65F04E6BC16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7248393-18C6-4EEE-80A2-4224C0900599}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE21B2DA-5371-484C-96CC-8669242F1C0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F4EA565A-27C6-48B3-B1A7-F60777CCBD57}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F9606CAB-523A-4399-8426-B5E9C75D5275}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FAE50A51-A573-4736-B7F2-1E8F80CBE619}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FE29C93C-19D2-4945-8F99-6F105D853342}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1FECBE70-A6CD-4901-933A-69F7CA6CD90B}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{4E7EDBB8-D634-49D2-867D-CC4020EAA10B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{861981C3-FB82-44DB-85DB-7B74A5D96B22}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E7A76741-1391-4071-9E5C-E03AD1084933}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{F360C0C2-5F75-4AFA-B2F8-C26A0CB4AD59}C:\users\be\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\be\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8DC987DA-FAE4-4F2C-8E56-28C183510FEA}C:\users\be\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\be\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{A6252F87-371C-48E7-A72A-6C71ED3B677F}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{B915872B-38D3-444B-BD87-DEC33332E4BA}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{C6CDD6C0-1C56-4631-B42D-19D4910A9F61}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FC84C83A-14CC-4D4B-B4A3-E35CEE334763}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1148C874-13B5-48FE-B5AE-F8AB2D6F06C8}" = LibreOffice 3.5 Help Pack (German)
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49DC7D87-B9F9-4782-9386-B7F13BC75E48}" = Adobe Creative Suite 5 Design Standard
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A00E26B-BFDE-4182-BF6C-6A1EBB07E2CA}" = Geldtipps Homebanking 2010 AAV
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33447B6-F49A-41FC-AF0A-D27BDCAC2E23}" = Easy Phone Tunes
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BFF26589-2D8A-4E24-BAEA-E8E3D40A491B}" = Intel(R) Desktop Utilities
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CUEcards 2000" = CUEcards 2000
"FormatFactory" = FormatFactory 2.20
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"InstallShield_{BFF26589-2D8A-4E24-BAEA-E8E3D40A491B}" = Intel(R) Desktop Utilities
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 16.0 (x86 de)" = Mozilla Thunderbird 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Music Editor Free" = Music Editor Free
"Notepad++" = Notepad++
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"Totalcmd" = Total Commander (Remove or Repair)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.10.2012 12:17:22 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.10.2012 12:17:22 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10594
 
Error - 08.10.2012 12:17:22 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10594
 
Error - 08.10.2012 12:17:24 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.10.2012 12:17:24 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12547
 
Error - 08.10.2012 12:17:24 | Computer Name = BE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12547
 
Error - 09.10.2012 11:39:35 | Computer Name = BE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 09.10.2012 11:41:43 | Computer Name = BE | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
 media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 10.10.2012 11:08:45 | Computer Name = BE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 10.10.2012 11:10:55 | Computer Name = BE | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
 media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
[ System Events ]
Error - 24.09.2012 09:13:27 | Computer Name = BE | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 24.09.2012 12:32:20 | Computer Name = BE | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 24.09.2012 16:07:28 | Computer Name = BE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IduService erreicht.
 
Error - 25.09.2012 08:22:44 | Computer Name = BE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Desktop Utilities Service erreicht.
 
Error - 25.09.2012 11:51:47 | Computer Name = BE | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 26.09.2012 08:19:52 | Computer Name = BE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IduService erreicht.
 
Error - 26.09.2012 15:34:40 | Computer Name = BE | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 26.09.2012 15:36:40 | Computer Name = BE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 29.09.2012 04:40:21 | Computer Name = BE | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 29.09.2012 06:34:01 | Computer Name = BE | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IduService erreicht.
 
 
< End of report >

--- --- ---
----------------------------------------------

bevaupe · 11.10.2012, 13:23

07:58:04.0999 5060 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:58:05.0181 5060 ============================================================
07:58:05.0181 5060 Current date / time: 2012/10/11 07:58:05.0181
07:58:05.0189 5060 SystemInfo:
07:58:05.0189 5060
07:58:05.0189 5060 OS Version: 6.1.7601 ServicePack: 1.0
07:58:05.0189 5060 Product type: Workstation
07:58:05.0189 5060 ComputerName: BE
07:58:05.0189 5060 UserName: be
07:58:05.0189 5060 Windows directory: C:\Windows
07:58:05.0189 5060 System windows directory: C:\Windows
07:58:05.0189 5060 Processor architecture: Intel x86
07:58:05.0189 5060 Number of processors: 2
07:58:05.0189 5060 Page size: 0x1000
07:58:05.0189 5060 Boot type: Normal boot
07:58:05.0189 5060 ============================================================
07:58:06.0765 5060 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x22AEA, SectorsPerTrack: 0x12, TracksPerCylinder: 0xBF, Type 'K0', Flags 0x00000050
07:58:06.0789 5060 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:58:06.0796 5060 ============================================================
07:58:06.0796 5060 \Device\Harddisk0\DR0:
07:58:06.0812 5060 MBR partitions:
07:58:06.0812 5060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
07:58:06.0812 5060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xA000000
07:58:06.0812 5060 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA0AF800, BlocksNum 0x13115000
07:58:06.0812 5060 \Device\Harddisk1\DR1:
07:58:06.0820 5060 MBR partitions:
07:58:06.0820 5060 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
07:58:06.0820 5060 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1E849DBF, BlocksNum 0x1BB3AE82
07:58:06.0820 5060 ============================================================
07:58:06.0921 5060 C: <-> \Device\Harddisk0\DR0\Partition2
07:58:06.0953 5060 D: <-> \Device\Harddisk0\DR0\Partition3
07:58:06.0968 5060 F: <-> \Device\Harddisk1\DR1\Partition1
07:58:07.0015 5060 G: <-> \Device\Harddisk1\DR1\Partition2
07:58:07.0015 5060 ============================================================
07:58:07.0015 5060 Initialize success
07:58:07.0015 5060 ============================================================
07:58:59.0946 5868 ============================================================
07:58:59.0946 5868 Scan started
07:58:59.0946 5868 Mode: Manual; SigCheck; TDLFS;
07:58:59.0946 5868 ============================================================
07:59:01.0182 5868 ================ Scan services =============================
07:59:01.0307 5868 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:59:01.0416 5868 1394ohci - ok
07:59:01.0495 5868 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
07:59:01.0518 5868 AAV UpdateService - ok
07:59:01.0565 5868 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:59:01.0581 5868 ACPI - ok
07:59:01.0604 5868 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:59:01.0666 5868 AcpiPmi - ok
07:59:01.0779 5868 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:59:01.0794 5868 AdobeARMservice - ok
07:59:01.0849 5868 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:59:01.0865 5868 AdobeFlashPlayerUpdateSvc - ok
07:59:01.0912 5868 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:59:01.0966 5868 adp94xx - ok
07:59:01.0982 5868 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:59:02.0029 5868 adpahci - ok
07:59:02.0044 5868 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:59:02.0068 5868 adpu320 - ok
07:59:02.0099 5868 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:59:02.0232 5868 AeLookupSvc - ok
07:59:02.0271 5868 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
07:59:02.0365 5868 AFD - ok
07:59:02.0404 5868 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
07:59:02.0427 5868 agp440 - ok
07:59:02.0474 5868 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
07:59:02.0505 5868 aic78xx - ok
07:59:02.0552 5868 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
07:59:02.0607 5868 ALG - ok
07:59:02.0646 5868 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
07:59:02.0662 5868 aliide - ok
07:59:02.0701 5868 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:59:02.0724 5868 amdagp - ok
07:59:02.0765 5868 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
07:59:02.0796 5868 amdide - ok
07:59:02.0828 5868 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:59:02.0867 5868 AmdK8 - ok
07:59:02.0875 5868 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:59:02.0914 5868 AmdPPM - ok
07:59:02.0953 5868 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:59:02.0968 5868 amdsata - ok
07:59:03.0000 5868 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:59:03.0031 5868 amdsbs - ok
07:59:03.0054 5868 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:59:03.0078 5868 amdxata - ok
07:59:03.0140 5868 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
07:59:03.0179 5868 AntiVirSchedulerService - ok
07:59:03.0218 5868 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:59:03.0234 5868 AntiVirService - ok
07:59:03.0265 5868 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
07:59:03.0320 5868 AppID - ok
07:59:03.0351 5868 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:59:03.0390 5868 AppIDSvc - ok
07:59:03.0414 5868 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
07:59:03.0453 5868 Appinfo - ok
07:59:03.0500 5868 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:59:03.0507 5868 Apple Mobile Device - ok
07:59:03.0531 5868 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
07:59:03.0570 5868 arc - ok
07:59:03.0585 5868 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:59:03.0617 5868 arcsas - ok
07:59:03.0648 5868 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:59:03.0742 5868 AsyncMac - ok
07:59:03.0806 5868 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
07:59:03.0837 5868 atapi - ok
07:59:03.0876 5868 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:59:03.0908 5868 AudioEndpointBuilder - ok
07:59:03.0923 5868 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:59:03.0947 5868 Audiosrv - ok
07:59:03.0970 5868 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
07:59:03.0994 5868 avgntflt - ok
07:59:04.0017 5868 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
07:59:04.0041 5868 avipbb - ok
07:59:04.0056 5868 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
07:59:04.0072 5868 avkmgr - ok
07:59:04.0103 5868 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:59:04.0158 5868 AxInstSV - ok
07:59:04.0189 5868 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
07:59:04.0251 5868 b06bdrv - ok
07:59:04.0291 5868 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
07:59:04.0353 5868 b57nd60x - ok
07:59:04.0384 5868 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
07:59:04.0470 5868 BDESVC - ok
07:59:04.0501 5868 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
07:59:04.0564 5868 Beep - ok
07:59:04.0595 5868 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
07:59:04.0650 5868 BFE - ok
07:59:04.0681 5868 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
07:59:04.0712 5868 BITS - ok
07:59:04.0736 5868 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:59:04.0775 5868 blbdrive - ok
07:59:04.0834 5868 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:59:04.0858 5868 Bonjour Service - ok
07:59:04.0881 5868 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:59:04.0913 5868 bowser - ok
07:59:04.0920 5868 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:59:04.0959 5868 BrFiltLo - ok
07:59:04.0991 5868 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:59:05.0045 5868 BrFiltUp - ok
07:59:05.0077 5868 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
07:59:05.0131 5868 Browser - ok
07:59:05.0264 5868 [ 29E54364A884FF064B76FA1A2BEA3D60 ] Browser Manager C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
07:59:05.0319 5868 Browser Manager - ok
07:59:05.0350 5868 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:59:05.0397 5868 Brserid - ok
07:59:05.0413 5868 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:59:05.0444 5868 BrSerWdm - ok
07:59:05.0452 5868 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:59:05.0483 5868 BrUsbMdm - ok
07:59:05.0499 5868 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:59:05.0553 5868 BrUsbSer - ok
07:59:05.0569 5868 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:59:05.0608 5868 BTHMODEM - ok
07:59:05.0631 5868 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
07:59:05.0686 5868 bthserv - ok
07:59:05.0717 5868 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:59:05.0780 5868 cdfs - ok
07:59:05.0814 5868 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
07:59:05.0861 5868 cdrom - ok
07:59:05.0884 5868 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
07:59:05.0931 5868 CertPropSvc - ok
07:59:05.0955 5868 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:59:05.0978 5868 circlass - ok
07:59:06.0001 5868 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
07:59:06.0017 5868 CLFS - ok
07:59:06.0087 5868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:59:06.0126 5868 clr_optimization_v2.0.50727_32 - ok
07:59:06.0173 5868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:59:06.0205 5868 clr_optimization_v4.0.30319_32 - ok
07:59:06.0228 5868 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:59:06.0283 5868 CmBatt - ok
07:59:06.0298 5868 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:59:06.0322 5868 cmdide - ok
07:59:06.0353 5868 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
07:59:06.0439 5868 CNG - ok
07:59:06.0462 5868 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:59:06.0478 5868 Compbatt - ok
07:59:06.0517 5868 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:59:06.0541 5868 CompositeBus - ok
07:59:06.0556 5868 COMSysApp - ok
07:59:06.0580 5868 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:59:06.0595 5868 crcdisk - ok
07:59:06.0626 5868 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:59:06.0705 5868 CryptSvc - ok
07:59:06.0751 5868 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
07:59:06.0808 5868 DcomLaunch - ok
07:59:06.0847 5868 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
07:59:06.0894 5868 defragsvc - ok
07:59:06.0917 5868 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:59:06.0972 5868 DfsC - ok
07:59:06.0996 5868 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
07:59:07.0027 5868 Dhcp - ok
07:59:07.0050 5868 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
07:59:07.0097 5868 discache - ok
07:59:07.0113 5868 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:59:07.0144 5868 Disk - ok
07:59:07.0167 5868 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:59:07.0222 5868 Dnscache - ok
07:59:07.0246 5868 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
07:59:07.0324 5868 dot3svc - ok
07:59:07.0347 5868 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
07:59:07.0394 5868 DPS - ok
07:59:07.0425 5868 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:59:07.0472 5868 drmkaud - ok
07:59:07.0503 5868 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:59:07.0589 5868 DXGKrnl - ok
07:59:07.0621 5868 [ 339CBFFBBC29580DBC3B235F2FB74F74 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
07:59:07.0691 5868 e1express - ok
07:59:07.0707 5868 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
07:59:07.0738 5868 EapHost - ok
07:59:07.0857 5868 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
07:59:07.0990 5868 ebdrv - ok
07:59:08.0005 5868 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
07:59:08.0068 5868 EFS - ok
07:59:08.0115 5868 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:59:08.0201 5868 ehRecvr - ok
07:59:08.0224 5868 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
07:59:08.0279 5868 ehSched - ok
07:59:08.0318 5868 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:59:08.0365 5868 elxstor - ok
07:59:08.0388 5868 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:59:08.0419 5868 ErrDev - ok
07:59:08.0443 5868 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
07:59:08.0482 5868 EventSystem - ok
07:59:08.0498 5868 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
07:59:08.0544 5868 exfat - ok
07:59:08.0560 5868 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:59:08.0615 5868 fastfat - ok
07:59:08.0654 5868 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
07:59:08.0716 5868 Fax - ok
07:59:08.0740 5868 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:59:08.0787 5868 fdc - ok
07:59:08.0810 5868 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
07:59:08.0852 5868 fdPHost - ok
07:59:08.0868 5868 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
07:59:08.0899 5868 FDResPub - ok
07:59:08.0915 5868 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:59:08.0946 5868 FileInfo - ok
07:59:08.0954 5868 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:59:09.0008 5868 Filetrace - ok
07:59:09.0055 5868 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:59:09.0102 5868 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
07:59:09.0102 5868 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
07:59:09.0125 5868 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:59:09.0165 5868 flpydisk - ok
07:59:09.0188 5868 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:59:09.0219 5868 FltMgr - ok
07:59:09.0266 5868 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
07:59:09.0313 5868 FontCache - ok
07:59:09.0344 5868 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:59:09.0375 5868 FontCache3.0.0.0 - ok
07:59:09.0407 5868 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:59:09.0438 5868 FsDepends - ok
07:59:09.0469 5868 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:59:09.0485 5868 Fs_Rec - ok
07:59:09.0516 5868 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:59:09.0555 5868 fvevol - ok
07:59:09.0579 5868 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:59:09.0610 5868 gagp30kx - ok
07:59:09.0649 5868 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:59:09.0680 5868 GEARAspiWDM - ok
07:59:09.0719 5868 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
07:59:09.0813 5868 gpsvc - ok
07:59:09.0837 5868 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:59:09.0909 5868 hcw85cir - ok
07:59:09.0948 5868 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:59:10.0026 5868 HdAudAddService - ok
07:59:10.0049 5868 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:59:10.0081 5868 HDAudBus - ok
07:59:10.0112 5868 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\Windows\system32\DRIVERS\HECI.sys
07:59:10.0143 5868 HECI - ok
07:59:10.0166 5868 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:59:10.0213 5868 HidBatt - ok
07:59:10.0237 5868 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:59:10.0276 5868 HidBth - ok
07:59:10.0299 5868 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:59:10.0323 5868 HidIr - ok
07:59:10.0346 5868 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
07:59:10.0377 5868 hidserv - ok
07:59:10.0416 5868 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:59:10.0456 5868 HidUsb - ok
07:59:10.0487 5868 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:59:10.0518 5868 hkmsvc - ok
07:59:10.0549 5868 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:59:10.0604 5868 HomeGroupListener - ok
07:59:10.0627 5868 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:59:10.0659 5868 HomeGroupProvider - ok
07:59:10.0713 5868 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:59:10.0752 5868 HpSAMD - ok
07:59:10.0791 5868 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:59:10.0878 5868 HTTP - ok
07:59:10.0894 5868 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:59:10.0925 5868 hwpolicy - ok
07:59:10.0949 5868 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:59:10.0988 5868 i8042prt - ok
07:59:11.0019 5868 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:59:11.0035 5868 iaStor - ok
07:59:11.0089 5868 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
07:59:11.0097 5868 IAStorDataMgrSvc - ok
07:59:11.0121 5868 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:59:11.0191 5868 iaStorV - ok
07:59:11.0253 5868 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:59:11.0324 5868 idsvc - ok
07:59:11.0378 5868 [ C15E573E39DAE08C1F1C0A4F9319417F ] IduService C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
07:59:11.0425 5868 IduService - ok
07:59:11.0566 5868 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
07:59:11.0777 5868 igfx - ok
07:59:11.0808 5868 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:59:11.0847 5868 iirsp - ok
07:59:11.0888 5868 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
07:59:11.0935 5868 IKEEXT - ok
07:59:12.0044 5868 [ C4A01E7F7AA61256A153A1D8B463F89F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:59:12.0208 5868 IntcAzAudAddService - ok
07:59:12.0224 5868 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
07:59:12.0248 5868 intelide - ok
07:59:12.0279 5868 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:59:12.0294 5868 intelppm - ok
07:59:12.0318 5868 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:59:12.0373 5868 IPBusEnum - ok
07:59:12.0388 5868 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:59:12.0435 5868 IpFilterDriver - ok
07:59:12.0458 5868 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:59:12.0498 5868 iphlpsvc - ok
07:59:12.0529 5868 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:59:12.0552 5868 IPMIDRV - ok
07:59:12.0576 5868 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:59:12.0630 5868 IPNAT - ok
07:59:12.0701 5868 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:59:12.0724 5868 iPod Service - ok
07:59:12.0740 5868 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:59:12.0794 5868 IRENUM - ok
07:59:12.0818 5868 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:59:12.0833 5868 isapnp - ok
07:59:12.0857 5868 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:59:12.0930 5868 iScsiPrt - ok
07:59:12.0954 5868 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:59:12.0985 5868 kbdclass - ok
07:59:13.0016 5868 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:59:13.0040 5868 kbdhid - ok
07:59:13.0055 5868 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
07:59:13.0071 5868 KeyIso - ok
07:59:13.0102 5868 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:59:13.0133 5868 KSecDD - ok
07:59:13.0157 5868 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:59:13.0188 5868 KSecPkg - ok
07:59:13.0211 5868 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
07:59:13.0290 5868 KtmRm - ok
07:59:13.0329 5868 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
07:59:13.0352 5868 LanmanServer - ok
07:59:13.0375 5868 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:59:13.0399 5868 LanmanWorkstation - ok
07:59:13.0422 5868 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:59:13.0469 5868 lltdio - ok
07:59:13.0500 5868 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:59:13.0532 5868 lltdsvc - ok
07:59:13.0547 5868 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
07:59:13.0579 5868 lmhosts - ok
07:59:13.0602 5868 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:59:13.0633 5868 LSI_FC - ok
07:59:13.0672 5868 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:59:13.0704 5868 LSI_SAS - ok
07:59:13.0719 5868 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:59:13.0735 5868 LSI_SAS2 - ok
07:59:13.0750 5868 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:59:13.0782 5868 LSI_SCSI - ok
07:59:13.0805 5868 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
07:59:13.0844 5868 luafv - ok
07:59:13.0880 5868 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:59:13.0909 5868 MBAMProtector - ok
07:59:13.0956 5868 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:59:13.0979 5868 MBAMScheduler - ok
07:59:14.0010 5868 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:59:14.0034 5868 MBAMService - ok
07:59:14.0049 5868 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:59:14.0073 5868 Mcx2Svc - ok
07:59:14.0088 5868 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:59:14.0120 5868 megasas - ok
07:59:14.0143 5868 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:59:14.0174 5868 MegaSR - ok
07:59:14.0198 5868 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
07:59:14.0237 5868 MMCSS - ok
07:59:14.0252 5868 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
07:59:14.0315 5868 Modem - ok
07:59:14.0338 5868 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:59:14.0362 5868 monitor - ok
07:59:14.0393 5868 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:59:14.0432 5868 mouclass - ok
07:59:14.0448 5868 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:59:14.0487 5868 mouhid - ok
07:59:14.0510 5868 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:59:14.0549 5868 mountmgr - ok
07:59:14.0596 5868 [ F906EAAC941FA2FA67A21DF2732EA379 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:59:14.0635 5868 MozillaMaintenance - ok
07:59:14.0659 5868 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
07:59:14.0706 5868 mpio - ok
07:59:14.0729 5868 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:59:14.0791 5868 mpsdrv - ok
07:59:14.0815 5868 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:59:14.0870 5868 MpsSvc - ok
07:59:14.0911 5868 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:59:14.0965 5868 MRxDAV - ok
07:59:14.0981 5868 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:59:15.0043 5868 mrxsmb - ok
07:59:15.0059 5868 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:59:15.0098 5868 mrxsmb10 - ok
07:59:15.0114 5868 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:59:15.0145 5868 mrxsmb20 - ok
07:59:15.0176 5868 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
07:59:15.0192 5868 msahci - ok
07:59:15.0208 5868 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:59:15.0247 5868 msdsm - ok
07:59:15.0270 5868 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
07:59:15.0317 5868 MSDTC - ok
07:59:15.0348 5868 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:59:15.0379 5868 Msfs - ok
07:59:15.0395 5868 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:59:15.0450 5868 mshidkmdf - ok
07:59:15.0465 5868 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:59:15.0497 5868 msisadrv - ok
07:59:15.0520 5868 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:59:15.0590 5868 MSiSCSI - ok
07:59:15.0598 5868 msiserver - ok
07:59:15.0622 5868 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:59:15.0653 5868 MSKSSRV - ok
07:59:15.0684 5868 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:59:15.0747 5868 MSPCLOCK - ok
07:59:15.0762 5868 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:59:15.0817 5868 MSPQM - ok
07:59:15.0825 5868 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:59:15.0848 5868 MsRPC - ok
07:59:15.0872 5868 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:59:15.0879 5868 mssmbios - ok
07:59:15.0913 5868 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:59:15.0953 5868 MSTEE - ok
07:59:15.0960 5868 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:59:15.0992 5868 MTConfig - ok
07:59:16.0000 5868 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
07:59:16.0031 5868 Mup - ok
07:59:16.0062 5868 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
07:59:16.0093 5868 napagent - ok
07:59:16.0132 5868 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:59:16.0195 5868 NativeWifiP - ok
07:59:16.0226 5868 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:59:16.0257 5868 NDIS - ok
07:59:16.0296 5868 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:59:16.0328 5868 NdisCap - ok
07:59:16.0351 5868 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:59:16.0406 5868 NdisTapi - ok
07:59:16.0429 5868 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:59:16.0476 5868 Ndisuio - ok
07:59:16.0492 5868 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:59:16.0539 5868 NdisWan - ok
07:59:16.0562 5868 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:59:16.0601 5868 NDProxy - ok
07:59:16.0632 5868 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:59:16.0679 5868 NetBIOS - ok
07:59:16.0718 5868 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:59:16.0773 5868 NetBT - ok
07:59:16.0781 5868 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
07:59:16.0796 5868 Netlogon - ok
07:59:16.0835 5868 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
07:59:16.0875 5868 Netman - ok
07:59:16.0890 5868 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
07:59:16.0931 5868 netprofm - ok
07:59:16.0955 5868 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:59:16.0986 5868 NetTcpPortSharing - ok
07:59:17.0025 5868 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:59:17.0048 5868 nfrd960 - ok
07:59:17.0072 5868 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:59:17.0111 5868 NlaSvc - ok
07:59:17.0126 5868 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:59:17.0158 5868 Npfs - ok
07:59:17.0181 5868 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
07:59:17.0244 5868 nsi - ok
07:59:17.0267 5868 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:59:17.0298 5868 nsiproxy - ok
07:59:17.0345 5868 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:59:17.0416 5868 Ntfs - ok
07:59:17.0423 5868 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
07:59:17.0478 5868 Null - ok
07:59:17.0501 5868 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:59:17.0533 5868 nvraid - ok
07:59:17.0548 5868 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:59:17.0587 5868 nvstor - ok
07:59:17.0611 5868 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:59:17.0642 5868 nv_agp - ok
07:59:17.0681 5868 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:59:17.0712 5868 ohci1394 - ok
07:59:17.0744 5868 [ D7D120FD31BB8B4EC6A4F628517EDC33 ] osaio C:\Windows\system32\drivers\osaio.sys
07:59:17.0759 5868 osaio - ok
07:59:17.0767 5868 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:59:17.0822 5868 p2pimsvc - ok
07:59:17.0837 5868 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
07:59:17.0861 5868 p2psvc - ok
07:59:17.0876 5868 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:59:17.0908 5868 Parport - ok
07:59:17.0941 5868 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:59:17.0972 5868 partmgr - ok
07:59:17.0988 5868 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
07:59:18.0019 5868 Parvdm - ok
07:59:18.0027 5868 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:59:18.0050 5868 PcaSvc - ok
07:59:18.0074 5868 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
07:59:18.0113 5868 pci - ok
07:59:18.0128 5868 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
07:59:18.0144 5868 pciide - ok
07:59:18.0175 5868 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:59:18.0191 5868 pcmcia - ok
07:59:18.0207 5868 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
07:59:18.0222 5868 pcw - ok
07:59:18.0246 5868 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:59:18.0332 5868 PEAUTH - ok
07:59:18.0394 5868 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
07:59:18.0535 5868 pla - ok
07:59:18.0574 5868 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:59:18.0621 5868 PlugPlay - ok
07:59:18.0644 5868 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:59:18.0730 5868 PNRPAutoReg - ok
07:59:18.0746 5868 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:59:18.0769 5868 PNRPsvc - ok
07:59:18.0792 5868 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:59:18.0839 5868 PolicyAgent - ok
07:59:18.0855 5868 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
07:59:18.0886 5868 Power - ok
07:59:18.0910 5868 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:59:18.0953 5868 PptpMiniport - ok
07:59:18.0977 5868 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:59:19.0016 5868 Processor - ok
07:59:19.0047 5868 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
07:59:19.0102 5868 ProfSvc - ok
07:59:19.0118 5868 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:59:19.0133 5868 ProtectedStorage - ok
07:59:19.0157 5868 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:59:19.0188 5868 Psched - ok
07:59:19.0243 5868 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:59:19.0352 5868 ql2300 - ok
07:59:19.0368 5868 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:59:19.0391 5868 ql40xx - ok
07:59:19.0415 5868 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
07:59:19.0485 5868 QWAVE - ok
07:59:19.0516 5868 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:59:19.0555 5868 QWAVEdrv - ok
07:59:19.0571 5868 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:59:19.0610 5868 RasAcd - ok
07:59:19.0633 5868 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:59:19.0680 5868 RasAgileVpn - ok
07:59:19.0711 5868 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
07:59:19.0758 5868 RasAuto - ok
07:59:19.0774 5868 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:59:19.0836 5868 Rasl2tp - ok
07:59:19.0860 5868 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
07:59:19.0922 5868 RasMan - ok
07:59:19.0946 5868 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:59:19.0990 5868 RasPppoe - ok
07:59:20.0021 5868 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:59:20.0060 5868 RasSstp - ok
07:59:20.0083 5868 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:59:20.0154 5868 rdbss - ok
07:59:20.0177 5868 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:59:20.0208 5868 rdpbus - ok
07:59:20.0232 5868 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:59:20.0287 5868 RDPCDD - ok
07:59:20.0310 5868 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:59:20.0357 5868 RDPENCDD - ok
07:59:20.0373 5868 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:59:20.0427 5868 RDPREFMP - ok
07:59:20.0451 5868 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:59:20.0505 5868 RDPWD - ok
07:59:20.0544 5868 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:59:20.0599 5868 rdyboost - ok
07:59:20.0623 5868 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
07:59:20.0654 5868 RemoteAccess - ok
07:59:20.0677 5868 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:59:20.0716 5868 RemoteRegistry - ok
07:59:20.0732 5868 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:59:20.0763 5868 RpcEptMapper - ok
07:59:20.0787 5868 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
07:59:20.0802 5868 RpcLocator - ok
07:59:20.0818 5868 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
07:59:20.0841 5868 RpcSs - ok
07:59:20.0873 5868 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:59:20.0904 5868 rspndr - ok
07:59:20.0912 5868 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
07:59:20.0927 5868 SamSs - ok
07:59:20.0966 5868 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:59:21.0006 5868 sbp2port - ok
07:59:21.0030 5868 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:59:21.0069 5868 SCardSvr - ok
07:59:21.0092 5868 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:59:21.0124 5868 scfilter - ok
07:59:21.0147 5868 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
07:59:21.0217 5868 Schedule - ok
07:59:21.0233 5868 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:59:21.0256 5868 SCPolicySvc - ok
07:59:21.0280 5868 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:59:21.0350 5868 SDRSVC - ok
07:59:21.0374 5868 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:59:21.0397 5868 secdrv - ok
07:59:21.0420 5868 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
07:59:21.0459 5868 seclogon - ok
07:59:21.0475 5868 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
07:59:21.0514 5868 SENS - ok
07:59:21.0538 5868 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:59:21.0584 5868 SensrSvc - ok
07:59:21.0608 5868 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:59:21.0631 5868 Serenum - ok
07:59:21.0678 5868 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:59:21.0733 5868 Serial - ok
07:59:21.0756 5868 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:59:21.0788 5868 sermouse - ok
07:59:21.0811 5868 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
07:59:21.0850 5868 SessionEnv - ok
07:59:21.0866 5868 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:59:21.0897 5868 sffdisk - ok
07:59:21.0913 5868 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:59:21.0952 5868 sffp_mmc - ok
07:59:21.0959 5868 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:59:21.0983 5868 sffp_sd - ok
07:59:22.0015 5868 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:59:22.0063 5868 sfloppy - ok
07:59:22.0110 5868 [ C4BD2A509709248AF4F5CE9162C62ACE ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
07:59:22.0141 5868 SgtSch2Svc - ok
07:59:22.0172 5868 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:59:22.0235 5868 SharedAccess - ok
07:59:22.0266 5868 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:59:22.0290 5868 ShellHWDetection - ok
07:59:22.0313 5868 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
07:59:22.0329 5868 sisagp - ok
07:59:22.0360 5868 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:59:22.0375 5868 SiSRaid2 - ok
07:59:22.0391 5868 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:59:22.0415 5868 SiSRaid4 - ok
07:59:22.0438 5868 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:59:22.0477 5868 Smb - ok
07:59:22.0516 5868 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\Windows\system32\DRIVERS\snapman.sys
07:59:22.0540 5868 snapman - ok
07:59:22.0555 5868 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:59:22.0579 5868 SNMPTRAP - ok
07:59:22.0602 5868 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
07:59:22.0618 5868 spldr - ok
07:59:22.0672 5868 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
07:59:22.0727 5868 Spooler - ok
07:59:22.0836 5868 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
07:59:22.0891 5868 sppsvc - ok
07:59:22.0907 5868 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:59:22.0954 5868 sppuinotify - ok
07:59:22.0977 5868 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:59:23.0033 5868 srv - ok
07:59:23.0048 5868 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:59:23.0119 5868 srv2 - ok
07:59:23.0142 5868 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:59:23.0205 5868 srvnet - ok
07:59:23.0244 5868 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:59:23.0267 5868 SSDPSRV - ok
07:59:23.0283 5868 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
07:59:23.0330 5868 ssmdrv - ok
07:59:23.0353 5868 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:59:23.0392 5868 SstpSvc - ok
07:59:23.0416 5868 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:59:23.0431 5868 stexstor - ok
07:59:23.0462 5868 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
07:59:23.0525 5868 StiSvc - ok
07:59:23.0548 5868 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
07:59:23.0564 5868 swenum - ok
07:59:23.0642 5868 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:59:23.0673 5868 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
07:59:23.0673 5868 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
07:59:23.0712 5868 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
07:59:23.0751 5868 swprv - ok
07:59:23.0798 5868 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
07:59:23.0853 5868 SysMain - ok
07:59:23.0869 5868 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:59:23.0916 5868 TabletInputService - ok
07:59:23.0939 5868 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
07:59:24.0010 5868 TapiSrv - ok
07:59:24.0042 5868 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
07:59:24.0074 5868 TBS - ok
07:59:24.0128 5868 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:59:24.0222 5868 Tcpip - ok
07:59:24.0269 5868 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:59:24.0308 5868 TCPIP6 - ok
07:59:24.0332 5868 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:59:24.0386 5868 tcpipreg - ok
07:59:24.0410 5868 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:59:24.0457 5868 TDPIPE - ok
07:59:24.0472 5868 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:59:24.0503 5868 TDTCP - ok
07:59:24.0527 5868 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:59:24.0558 5868 tdx - ok
07:59:24.0574 5868 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:59:24.0605 5868 TermDD - ok
07:59:24.0636 5868 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
07:59:24.0699 5868 TermService - ok
07:59:24.0714 5868 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
07:59:24.0730 5868 Themes - ok
07:59:24.0738 5868 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
07:59:24.0761 5868 THREADORDER - ok
07:59:24.0777 5868 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys
07:59:24.0808 5868 tifsfilter - ok
07:59:24.0839 5868 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
07:59:24.0886 5868 timounter - ok
07:59:24.0917 5868 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
07:59:24.0941 5868 TPM - ok
07:59:24.0957 5868 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
07:59:24.0996 5868 TrkWks - ok
07:59:25.0053 5868 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:59:25.0092 5868 TrustedInstaller - ok
07:59:25.0116 5868 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:59:25.0155 5868 tssecsrv - ok
07:59:25.0186 5868 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:59:25.0241 5868 TsUsbFlt - ok
07:59:25.0272 5868 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:59:25.0311 5868 tunnel - ok
07:59:25.0334 5868 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:59:25.0366 5868 uagp35 - ok
07:59:25.0389 5868 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:59:25.0467 5868 udfs - ok
07:59:25.0491 5868 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:59:25.0522 5868 UI0Detect - ok
07:59:25.0545 5868 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:59:25.0561 5868 uliagpkx - ok
07:59:25.0584 5868 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
07:59:25.0608 5868 umbus - ok
07:59:25.0624 5868 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:59:25.0686 5868 UmPass - ok
07:59:25.0733 5868 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
07:59:25.0764 5868 upnphost - ok
07:59:25.0795 5868 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
07:59:25.0811 5868 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
07:59:25.0811 5868 USBAAPL - detected UnsignedFile.Multi.Generic (1)
07:59:25.0834 5868 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:59:25.0889 5868 usbccgp - ok
07:59:25.0905 5868 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:59:25.0944 5868 usbcir - ok
07:59:25.0967 5868 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:59:25.0999 5868 usbehci - ok
07:59:26.0033 5868 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:59:26.0064 5868 usbhub - ok
07:59:26.0080 5868 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:59:26.0126 5868 usbohci - ok
07:59:26.0142 5868 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:59:26.0181 5868 usbprint - ok
07:59:26.0220 5868 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:59:26.0259 5868 usbscan - ok
07:59:26.0291 5868 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:59:26.0361 5868 USBSTOR - ok
07:59:26.0384 5868 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:59:26.0408 5868 usbuhci - ok
07:59:26.0416 5868 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
07:59:26.0455 5868 UxSms - ok
07:59:26.0462 5868 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
07:59:26.0486 5868 VaultSvc - ok
07:59:26.0517 5868 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:59:26.0533 5868 vdrvroot - ok
07:59:26.0564 5868 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
07:59:26.0619 5868 vds - ok
07:59:26.0673 5868 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:59:26.0697 5868 vga - ok
07:59:26.0720 5868 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:59:26.0751 5868 VgaSave - ok
07:59:26.0767 5868 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:59:26.0798 5868 vhdmp - ok
07:59:26.0830 5868 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:59:26.0869 5868 viaagp - ok
07:59:26.0900 5868 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
07:59:26.0939 5868 ViaC7 - ok
07:59:26.0955 5868 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
07:59:26.0986 5868 viaide - ok
07:59:27.0025 5868 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
07:59:27.0041 5868 vididr - ok
07:59:27.0083 5868 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
07:59:27.0098 5868 vidsflt53 - ok
07:59:27.0114 5868 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:59:27.0129 5868 volmgr - ok
07:59:27.0161 5868 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:59:27.0200 5868 volmgrx - ok
07:59:27.0215 5868 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:59:27.0278 5868 volsnap - ok
07:59:27.0340 5868 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:59:27.0372 5868 vsmraid - ok
07:59:27.0418 5868 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
07:59:27.0520 5868 VSS - ok
07:59:27.0528 5868 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
07:59:27.0551 5868 vwifibus - ok
07:59:27.0575 5868 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
07:59:27.0606 5868 W32Time - ok
07:59:27.0637 5868 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:59:27.0684 5868 WacomPen - ok
07:59:27.0731 5868 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:59:27.0793 5868 WANARP - ok
07:59:27.0793 5868 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:59:27.0809 5868 Wanarpv6 - ok
07:59:27.0856 5868 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
07:59:27.0965 5868 wbengine - ok
07:59:27.0997 5868 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:59:28.0028 5868 WbioSrvc - ok
07:59:28.0043 5868 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:59:28.0076 5868 wcncsvc - ok
07:59:28.0076 5868 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:59:28.0138 5868 WcsPlugInService - ok
07:59:28.0170 5868 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:59:28.0186 5868 Wd - ok
07:59:28.0209 5868 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:59:28.0233 5868 Wdf01000 - ok
07:59:28.0249 5868 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:59:28.0288 5868 WdiServiceHost - ok
07:59:28.0288 5868 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:59:28.0303 5868 WdiSystemHost - ok
07:59:28.0327 5868 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
07:59:28.0358 5868 WebClient - ok
07:59:28.0381 5868 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:59:28.0413 5868 Wecsvc - ok
07:59:28.0420 5868 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:59:28.0452 5868 wercplsupport - ok
07:59:28.0475 5868 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
07:59:28.0514 5868 WerSvc - ok
07:59:28.0545 5868 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:59:28.0569 5868 WfpLwf - ok
07:59:28.0584 5868 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:59:28.0616 5868 WIMMount - ok
07:59:28.0663 5868 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:59:28.0709 5868 WinDefend - ok
07:59:28.0717 5868 WinHttpAutoProxySvc - ok
07:59:28.0756 5868 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:59:28.0819 5868 Winmgmt - ok
07:59:28.0866 5868 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
07:59:28.0913 5868 WinRM - ok
07:59:28.0952 5868 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:59:28.0975 5868 WinUsb - ok
07:59:29.0006 5868 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:59:29.0069 5868 Wlansvc - ok
07:59:29.0105 5868 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:59:29.0121 5868 WmiAcpi - ok
07:59:29.0144 5868 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:59:29.0175 5868 wmiApSrv - ok
07:59:29.0230 5868 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:59:29.0285 5868 WMPNetworkSvc - ok
07:59:29.0316 5868 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:59:29.0355 5868 WPCSvc - ok
07:59:29.0371 5868 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:59:29.0394 5868 WPDBusEnum - ok
07:59:29.0417 5868 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:59:29.0472 5868 ws2ifsl - ok
07:59:29.0496 5868 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
07:59:29.0519 5868 wscsvc - ok
07:59:29.0527 5868 WSearch - ok
07:59:29.0597 5868 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
07:59:29.0636 5868 wuauserv - ok
07:59:29.0660 5868 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:59:29.0707 5868 WudfPf - ok
07:59:29.0730 5868 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:59:29.0761 5868 WUDFRd - ok
07:59:29.0777 5868 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:59:29.0816 5868 wudfsvc - ok
07:59:29.0839 5868 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
07:59:29.0871 5868 WwanSvc - ok
07:59:29.0878 5868 ================ Scan global ===============================
07:59:29.0894 5868 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:59:29.0925 5868 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
07:59:29.0933 5868 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
07:59:29.0957 5868 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:59:29.0980 5868 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:59:29.0996 5868 [Global] - ok
07:59:29.0996 5868 ================ Scan MBR ==================================
07:59:30.0011 5868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:59:30.0208 5868 \Device\Harddisk0\DR0 - ok
07:59:30.0223 5868 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
07:59:30.0364 5868 \Device\Harddisk1\DR1 - ok
07:59:30.0364 5868 ================ Scan VBR ==================================
07:59:30.0395 5868 [ 5FE52D4C7174FFE059F95679E5D1EC7B ] \Device\Harddisk0\DR0\Partition1
07:59:30.0395 5868 \Device\Harddisk0\DR0\Partition1 - ok
07:59:30.0411 5868 [ 2DCC78E295831EAE2FB34673994FD73D ] \Device\Harddisk0\DR0\Partition2
07:59:30.0411 5868 \Device\Harddisk0\DR0\Partition2 - ok
07:59:30.0426 5868 [ 1ECD5AE96242AA4021AB0F68F5EE7D27 ] \Device\Harddisk0\DR0\Partition3
07:59:30.0426 5868 \Device\Harddisk0\DR0\Partition3 - ok
07:59:30.0426 5868 [ 2478F17B9FB4F605F39642BE464E6B5E ] \Device\Harddisk1\DR1\Partition1
07:59:30.0434 5868 \Device\Harddisk1\DR1\Partition1 - ok
07:59:30.0450 5868 [ 719CB9055B3DCE3852F60B2EC14A5701 ] \Device\Harddisk1\DR1\Partition2
07:59:30.0450 5868 \Device\Harddisk1\DR1\Partition2 - ok
07:59:30.0450 5868 ============================================================
07:59:30.0450 5868 Scan finished
07:59:30.0450 5868 ============================================================
07:59:30.0458 2520 Detected object count: 3
07:59:30.0458 2520 Actual detected object count: 3
08:00:07.0924 2520 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:07.0924 2520 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:00:07.0924 2520 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:07.0924 2520 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:00:07.0924 2520 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
08:00:07.0924 2520 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Chris4You · 11.10.2012, 14:53

Hi,

das sieht eigentlich gut aus...

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found


:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

aswMBR
Folge den Anweisungen hier.
Kurzanleitung:
Von http://filepony.de/download-aswmbr/ die aswMBR.exe runterladen und auf dem Desktop speichern.

Doppelklick auf die aswMBR.exe.

Scan-Button anklicken

Bootsectoren (MBR) etc. werden nun untersucht.....

Log speichern und im Thread posten

Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch auf 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

bevaupe · 12.10.2012, 18:05

Hallo Chris,
hier kommen die drei Ergebnisse!
Grüße!

OTL:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: be
->Temp folder emptied: 1723423924 bytes
->Temporary Internet Files folder emptied: 519112390 bytes
->Java cache emptied: 628013 bytes
->FireFox cache emptied: 256626124 bytes
->Flash cache emptied: 46712 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93548651 bytes
RecycleBin emptied: 2109604912 bytes

Total Files Cleaned = 4.485,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10122012_183710

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.

---------------------
asMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-12 18:46:35
-----------------------------
18:46:35.095 OS Version: Windows 6.1.7601 Service Pack 1
18:46:35.095 Number of processors: 2 586 0x1706
18:46:35.099 ComputerName: BE UserName: be
18:46:51.008 Initialize success
18:47:14.704 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:47:14.704 Disk 0 Vendor: ST325031 3.AA Size: 238475MB BusType: 3
18:47:14.719 Disk 0 MBR read successfully
18:47:14.719 Disk 0 MBR scan
18:47:14.719 Disk 0 Windows 7 default MBR code
18:47:14.735 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
18:47:14.735 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 81920 MB offset 718848
18:47:14.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 156202 MB offset 168491008
18:47:14.766 Disk 0 scanning sectors +488392704
18:47:14.829 Disk 0 scanning C:\Windows\system32\drivers
18:47:24.885 Service scanning
18:47:41.850 Modules scanning
18:47:50.554 Disk 0 trace - called modules:
18:47:50.554 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys halmacpi.dll iaStor.sys
18:47:50.570 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87649030]
18:47:50.570 3 CLASSPNP.SYS[8944759e] -> nt!IofCallDriver -> [0x87648ed8]
18:47:50.570 5 vsflt53.sys[88b1fc2b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84de4028]
18:47:50.570 Scan finished successfully
18:49:13.391 Disk 0 MBR has been saved successfully to "C:\Users\be\Desktop\MBR.dat"
18:49:13.704 The log file has been saved successfully to "C:\Users\be\Desktop\aswMBR.txt"

Chris4You · 15.10.2012, 06:59

Hi,

sieht auch ok aus...

chris

bevaupe · 15.10.2012, 13:27

Hallo Chris,
das ist eine gute Nachricht, danke!
Was ich noch gerne wissen würde: warum hat mein Antivir neulich diesen rkit/agent.36864.5 gefunden?
Ich habe gerade nochmal mit dem Antivir gescannt und diesmal hat er nichts gefunden.
Grüße!

Chris4You · 17.10.2012, 07:45

Hi,
aus dem Namen würde ich ableiten, dass das Teil zur Installation des Rootkits dienen sollte und rechtzeitig abgefangen wurde...

Rechner absichern:
Zum Surfen Firefox mit den PlugIns "WOT" (http://filepony.de/?q=WOT) und "NoScript" (http://filepony.de/download-noscript//)) verwenden,
einen "Guest"-Account (keine Adminrechte! XP: (Schritt 6: Eingeschränkte Rechte für Viren - Schritt für Schritt: Windows XP absichern - CHIP Online,
Vista/Win7: Windows-7-Anleitung: Benutzerkonten anlegen und verwalten - NETZWELT) anlegen.

ufräumen:
Backups von OTL, Avenger&Co (falls vorhanden) löschen:
Falls der Rechner einwandfrei läuft, können die Backups der
Bereinigungstools gelöscht werden (soweit vorhanden):

OLT und das Verzeichnis C:\_OTL löschen...

C:\Qoobox - loeschen und Papierkorb leeren (ComboFix Backups)

chris

rkit/agent.36864.5

Plagegeister aller Art und deren Bekämpfung: rkit/agent.36864.5