| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pc / INternet langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.12.2012, 10:51
| #1 |
 |  Pc / INternet langsam Hallo Leute , Mein Pc wird zunehmend langsamer und iwo habe ich das gefühl , dass bei mir allerhand durchs netz geht , da mein Internet in gewisser Weise extreme Schwankungen hat . Zudem sagt google.de , dass bei mir iwas schief läuft , seiten werden nicht geöffnet ( genauen text weiß ich nicht ) . Code:
ATTFilter OTL logfile created on: 21.12.2012 09:41:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dustin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,72 Gb Available Physical Memory | 71,85% Memory free 15,92 Gb Paging File | 13,54 Gb Available in Paging File | 85,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,29 Gb Total Space | 697,56 Gb Free Space | 74,90% Space Free | Partition Type: NTFS Drive E: | 3,77 Gb Total Space | 3,60 Gb Free Space | 95,42% Space Free | Partition Type: FAT32 Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 09:40:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Downloads\OTL.exe PRC - [2012.12.21 09:25:45 | 000,041,912 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\patch_d.exe PRC - [2012.12.21 09:25:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe PRC - [2012.12.06 23:27:46 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.10.27 10:27:29 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.08.31 21:48:38 | 000,111,664 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe PRC - [2012.08.31 21:48:34 | 003,345,456 | ---- | M] (TMRG, Inc.) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 16:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.04.01 16:08:50 | 010,918,400 | ---- | M] (TP-LINK Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe PRC - [2011.03.14 14:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe ========== Modules (No Company Name) ========== MOD - [2012.12.06 23:27:46 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.17 11:52:24 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll MOD - [2012.11.17 11:51:30 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 11:51:24 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll MOD - [2012.11.15 23:20:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll MOD - [2012.11.15 23:20:31 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll MOD - [2012.11.15 23:20:26 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll MOD - [2012.11.15 23:20:24 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll MOD - [2012.11.15 23:18:01 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll MOD - [2012.11.15 23:17:59 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll MOD - [2012.11.15 23:17:57 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll MOD - [2012.11.15 23:17:56 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll MOD - [2012.11.15 23:17:55 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll MOD - [2012.11.15 23:17:51 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll MOD - [2012.08.24 08:58:11 | 000,115,137 | ---- | M] () -- C:\Users\Dustin\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll MOD - [2012.07.02 16:12:50 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.03.14 14:20:20 | 001,033,568 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\COMMON\RaWLAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.12.11 08:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV - [2012.12.21 09:25:37 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP) SRV - [2012.12.11 21:49:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.06 23:27:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2012.10.28 11:35:48 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.08.31 21:48:38 | 000,111,664 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files (x86)\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge) SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011.03.14 14:25:48 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2011.03.14 14:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.03.14 14:20:16 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe -- (TpMediaServer) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.21 09:40:36 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.12.21 09:40:36 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.12.21 09:40:36 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.12.21 09:40:35 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.08.21 11:12:08 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.23 12:54:38 | 000,027,288 | ---- | M] (Ekahau Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ekaprot6.sys -- (EkaProt6) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.14 14:25:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.11 09:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2009.12.11 07:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://rautemusik-club.radio.de/" FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..network.proxy.ftp: "193.17.184.49" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "193.17.184.49" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "193.17.184.49" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "193.17.184.49" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox [2012.12.11 10:54:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 09:40:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 23:27:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.06 23:27:44 | 000,000,000 | ---D | M] [2012.08.22 17:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions [2012.11.24 09:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\4a9djrri.default\extensions [2012.11.24 09:41:58 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\4a9djrri.default\extensions\stealthyextension@gmail.com.xpi [2012.11.23 14:28:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\4a9djrri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.06 23:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 23:27:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 23:27:46 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 12:31:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: Skype Click to Call = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: AVG Do Not Track = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B99958A8-88BB-4642-8142-C82918C29600}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll () O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{48542547-d7c6-11e1-a5a9-00078721bca3}\Shell - "" = AutoRun O33 - MountPoints2\{48542547-d7c6-11e1-a5a9-00078721bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 09:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.12.21 09:31:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.12.21 09:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge [2012.12.21 09:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013 [2012.12.21 09:19:29 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2012.12.21 09:18:36 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2012.12.21 09:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.12.21 09:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2012.12.21 09:18:21 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.12.21 09:18:21 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2012.12.19 13:26:11 | 000,000,000 | R--D | C] -- C:\Users\Dustin\Desktop\Videos [2012.12.19 13:14:29 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Musik [2012.12.10 19:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RelevantKnowledge [2012.12.10 19:39:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\Audio Recorder for Free [2012.12.10 19:39:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Audio Recorder for Free [2012.12.10 19:38:36 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll [2012.12.10 19:38:36 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll [2012.12.10 19:38:36 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll [2012.12.10 19:38:36 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll [2012.12.10 19:38:36 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll [2012.12.10 19:38:36 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll [2012.12.10 19:38:36 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll [2012.12.10 19:38:36 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll [2012.12.10 19:38:36 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll [2012.12.10 19:38:36 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll [2012.12.10 19:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder for Free [2012.12.10 19:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder for Free [2012.12.10 19:38:03 | 008,093,512 | ---- | C] (Copyright© 2006-2012 AudioToolMedia Software. ) -- C:\Users\Dustin\Desktop\AudioRecorderforFree_12.9.8.exe [2012.12.09 13:38:20 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Ekahau Site Survey [2012.12.09 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ekahau [2012.12.09 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ekahau [2012.12.06 23:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.29 20:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2012.11.29 20:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2012.11.21 12:53:18 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Apps ========== Files - Modified Within 30 Days ========== [2012.12.21 09:42:51 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.12.21 09:40:36 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2012.12.21 09:40:36 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys [2012.12.21 09:40:36 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys [2012.12.21 09:40:35 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2012.12.21 09:35:03 | 000,000,000 | ---- | M] () -- C:\Users\Dustin\defogger_reenable [2012.12.21 09:31:20 | 000,002,981 | ---- | M] () -- C:\Users\Dustin\Desktop\HiJackThis.lnk [2012.12.21 09:29:13 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 09:29:13 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 09:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 09:21:09 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 09:19:29 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2012.12.21 08:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.20 20:54:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 20:54:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 20:54:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 20:54:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 20:54:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.18 13:46:29 | 000,276,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.10 19:38:37 | 000,001,076 | ---- | M] () -- C:\Users\Dustin\Desktop\Audio Recorder for Free.lnk [2012.12.10 19:38:16 | 008,093,512 | ---- | M] (Copyright© 2006-2012 AudioToolMedia Software. ) -- C:\Users\Dustin\Desktop\AudioRecorderforFree_12.9.8.exe [2012.12.09 13:40:07 | 000,117,497 | ---- | M] () -- C:\Users\Dustin\Documents\grid.png [2012.12.06 09:46:04 | 000,001,000 | ---- | M] () -- C:\Users\Dustin\Desktop\21112012_Kokosmakronencreme mit Himbeersauce.lnk [2012.12.06 09:46:00 | 000,000,930 | ---- | M] () -- C:\Users\Dustin\Desktop\21112012_Möhren-Orangen-Kuchen.lnk [2012.12.03 09:31:11 | 000,172,346 | ---- | M] () -- C:\Users\Dustin\Desktop\1 PDF-Brief_ZZ und KB on top_neutralv2.pdf [2012.11.29 20:38:08 | 000,006,928 | ---- | M] () -- C:\Users\Dustin\Desktop\73016(1).pdf [2012.11.29 20:38:03 | 000,054,261 | ---- | M] () -- C:\Users\Dustin\Desktop\73016.pdf [2012.11.29 20:33:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2012.11.22 02:07:16 | 001,284,847 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 01.07.17.jpg [2012.11.22 01:48:00 | 001,378,544 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 00.48.00.jpg [2012.11.22 01:47:38 | 001,275,324 | ---- | M] () -- C:\Users\Dustin\Desktop\2012-11-22 00.47.38.jpg ========== Files Created - No Company Name ========== [2012.12.21 09:35:03 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\defogger_reenable [2012.12.21 09:31:20 | 000,002,981 | ---- | C] () -- C:\Users\Dustin\Desktop\HiJackThis.lnk [2012.12.21 09:19:47 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2012.12.10 19:38:37 | 000,001,076 | ---- | C] () -- C:\Users\Dustin\Desktop\Audio Recorder for Free.lnk [2012.12.10 19:38:36 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx [2012.12.09 13:40:06 | 000,117,497 | ---- | C] () -- C:\Users\Dustin\Documents\grid.png [2012.12.03 09:31:11 | 000,172,346 | ---- | C] () -- C:\Users\Dustin\Desktop\1 PDF-Brief_ZZ und KB on top_neutralv2.pdf [2012.12.03 09:28:44 | 000,001,000 | ---- | C] () -- C:\Users\Dustin\Desktop\21112012_Kokosmakronencreme mit Himbeersauce.lnk [2012.12.03 09:28:41 | 000,000,930 | ---- | C] () -- C:\Users\Dustin\Desktop\21112012_Möhren-Orangen-Kuchen.lnk [2012.11.29 20:38:07 | 000,006,928 | ---- | C] () -- C:\Users\Dustin\Desktop\73016(1).pdf [2012.11.29 20:38:02 | 000,054,261 | ---- | C] () -- C:\Users\Dustin\Desktop\73016.pdf [2012.11.29 20:33:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2012.11.22 01:11:38 | 001,378,544 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 00.48.00.jpg [2012.11.22 01:11:38 | 001,284,847 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 01.07.17.jpg [2012.11.22 01:11:38 | 001,275,324 | ---- | C] () -- C:\Users\Dustin\Desktop\2012-11-22 00.47.38.jpg [2012.09.05 15:19:21 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.09.05 15:18:59 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.09.05 15:18:59 | 000,000,452 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.08.30 12:18:43 | 000,000,450 | ---- | C] () -- C:\Program Files (x86)\release [2012.08.30 12:18:18 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT [2012.08.30 12:18:18 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html [2012.08.30 12:18:18 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE [2012.07.03 08:42:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.03 08:40:07 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.10 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Audio Recorder for Free [2012.10.26 14:42:00 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\AVG2013 [2012.11.21 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ [2012.07.22 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ Search [2012.07.03 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\LolClient [2012.07.27 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Samsung [2012.12.20 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Spotify [2012.08.29 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TS3Client [2012.10.26 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TuneUp Software [2012.07.28 19:28:53 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Relevant knowledge : ich habe es mal deinstalliert , aber ich kann die dateien aus Proramm files/Relvant knowldege nicht deinstallieren ^bzw. nicht löscheh ( deinstaliieren xD ) |
|
21.12.2012, 12:53
| #2 |
| /// Malware-holic   | Pc / INternet langsam hi
__________________was heißt irgendwas, mit solchen "Aussagen" kann niemand arbeiten, prüfe es, und poste genau was passiert. bitte verzichte auf den Einsatz von Hijackthis, wird nicht mehr weiterentwickelt und kann unter neuen Systemen Probleme machen, ich hoffe, du hast mit dem Programm nicht schon selbst Hand angelegt? Bitte lösche nicht wild drauf los, es wird bitte nur das gemacht, was hier steht. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ |
|
21.12.2012, 13:05
| #3 |
| | Pc / INternet langsam So hat gut geklappt , noch ein Windows update hat sich nebenbei installiert
__________________ Code:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Dustin
->Flash cache emptied: 36476 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dustin
->Temp folder emptied: 80294132 bytes
->Temporary Internet Files folder emptied: 234831302 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 415267133 bytes
->Google Chrome cache emptied: 6782476 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52611226 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 45031126 bytes
Total Files Cleaned = 796,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_125915
Files\Folders moved on Reboot...
C:\Users\Dustin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MRKVHFSX\128408-pc-internet-langsam[1].htm moved successfully.
C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
21.12.2012, 13:32
| #4 |
| /// Malware-holic | Pc / INternet langsam Hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 13:59
| #5 |
| | Pc / INternet langsam Why macht man da nen log ? Suspicious IDriverT (UnsignedFile.Multi.Generic) Skipped by user IDriverT (UnsignedFile.Multi.Generic) dass waren die beiden angezeigten wer lesen kann ist klar im Vorteil xD Code:
ATTFilter 13:54:22.0286 3484 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:54:22.0287 3484 UEFI system
13:54:22.0480 3484 ============================================================
13:54:22.0480 3484 Current date / time: 2012/12/21 13:54:22.0480
13:54:22.0480 3484 SystemInfo:
13:54:22.0480 3484
13:54:22.0480 3484 OS Version: 6.1.7601 ServicePack: 1.0
13:54:22.0480 3484 Product type: Workstation
13:54:22.0481 3484 ComputerName: DUSTIN-PC
13:54:22.0481 3484 UserName: Dustin
13:54:22.0481 3484 Windows directory: C:\Windows
13:54:22.0481 3484 System windows directory: C:\Windows
13:54:22.0481 3484 Running under WOW64
13:54:22.0481 3484 Processor architecture: Intel x64
13:54:22.0481 3484 Number of processors: 4
13:54:22.0481 3484 Page size: 0x1000
13:54:22.0481 3484 Boot type: Normal boot
13:54:22.0481 3484 ============================================================
13:54:23.0383 3484 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:54:23.0386 3484 Drive \Device\Harddisk1\DR1 - Size: 0xF1C00000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:23.0388 3484 ============================================================
13:54:23.0388 3484 \Device\Harddisk0\DR0:
13:54:23.0388 3484 GPT partitions:
13:54:23.0388 3484 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6A4DBCE5-F91A-4725-BE1E-D55C41656AE7}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:54:23.0388 3484 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4B04E50A-4140-41DD-852E-2D16CE32A6D1}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
13:54:23.0388 3484 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DDBF5510-21A0-4BB1-95A7-9562B682FBC6}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
13:54:23.0388 3484 MBR partitions:
13:54:23.0388 3484 \Device\Harddisk1\DR1:
13:54:23.0389 3484 MBR partitions:
13:54:23.0389 3484 ============================================================
13:54:23.0412 3484 C: <-> \Device\Harddisk0\DR0\Partition3
13:54:23.0413 3484 ============================================================
13:54:23.0413 3484 Initialize success
13:54:23.0413 3484 ============================================================
13:54:52.0432 4760 ============================================================
13:54:52.0432 4760 Scan started
13:54:52.0432 4760 Mode: Manual; SigCheck; TDLFS;
13:54:52.0432 4760 ============================================================
13:54:52.0906 4760 ================ Scan system memory ========================
13:54:52.0906 4760 System memory - ok
13:54:52.0906 4760 ================ Scan services =============================
13:54:53.0024 4760 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:54:53.0098 4760 1394ohci - ok
13:54:53.0118 4760 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:54:53.0129 4760 ACPI - ok
13:54:53.0141 4760 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:54:53.0210 4760 AcpiPmi - ok
13:54:53.0269 4760 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:54:53.0277 4760 AdobeARMservice - ok
13:54:53.0346 4760 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:53.0355 4760 AdobeFlashPlayerUpdateSvc - ok
13:54:53.0384 4760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:54:53.0405 4760 adp94xx - ok
13:54:53.0417 4760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:54:53.0436 4760 adpahci - ok
13:54:53.0444 4760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:54:53.0459 4760 adpu320 - ok
13:54:53.0482 4760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:54:53.0576 4760 AeLookupSvc - ok
13:54:53.0605 4760 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:54:53.0635 4760 AFD - ok
13:54:53.0661 4760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:54:53.0674 4760 agp440 - ok
13:54:53.0677 4760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:54:53.0707 4760 ALG - ok
13:54:53.0724 4760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:54:53.0736 4760 aliide - ok
13:54:53.0766 4760 [ E886A4DB908F4184BA24431A41AD76B7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:54:53.0800 4760 AMD External Events Utility - ok
13:54:53.0818 4760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:54:53.0830 4760 amdide - ok
13:54:53.0844 4760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:54:53.0874 4760 AmdK8 - ok
13:54:54.0070 4760 [ A497FF5AE4D0C93DA2CFB98E6A355C1F ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
13:54:54.0221 4760 amdkmdag - ok
13:54:54.0278 4760 [ 91B89BE832D436AF257B91666BC32C30 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:54:54.0307 4760 amdkmdap - ok
13:54:54.0327 4760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:54:54.0359 4760 AmdPPM - ok
13:54:54.0406 4760 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:54:54.0416 4760 amdsata - ok
13:54:54.0427 4760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:54:54.0443 4760 amdsbs - ok
13:54:54.0458 4760 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:54:54.0466 4760 amdxata - ok
13:54:54.0492 4760 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
13:54:54.0523 4760 androidusb - ok
13:54:54.0561 4760 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:54:54.0675 4760 AppID - ok
13:54:54.0698 4760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:54:54.0741 4760 AppIDSvc - ok
13:54:54.0778 4760 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:54:54.0815 4760 Appinfo - ok
13:54:54.0829 4760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:54:54.0842 4760 arc - ok
13:54:54.0854 4760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:54:54.0868 4760 arcsas - ok
13:54:54.0884 4760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:54.0929 4760 AsyncMac - ok
13:54:54.0946 4760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:54:54.0954 4760 atapi - ok
13:54:54.0995 4760 [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:54:55.0003 4760 AtiHdmiService - ok
13:54:55.0028 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:54:55.0054 4760 AudioEndpointBuilder - ok
13:54:55.0062 4760 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:54:55.0088 4760 AudioSrv - ok
13:54:55.0129 4760 [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:54:55.0135 4760 Avgfwfd - ok
13:54:55.0184 4760 [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
13:54:55.0203 4760 avgfws - ok
13:54:55.0303 4760 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
13:54:55.0364 4760 AVGIDSAgent - ok
13:54:55.0387 4760 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
13:54:55.0395 4760 AVGIDSDriver - ok
13:54:55.0415 4760 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
13:54:55.0423 4760 AVGIDSHA - ok
13:54:55.0441 4760 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
13:54:55.0450 4760 Avgldx64 - ok
13:54:55.0462 4760 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
13:54:55.0471 4760 Avgloga - ok
13:54:55.0484 4760 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
13:54:55.0491 4760 Avgmfx64 - ok
13:54:55.0497 4760 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
13:54:55.0504 4760 Avgrkx64 - ok
13:54:55.0518 4760 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
13:54:55.0527 4760 Avgtdia - ok
13:54:55.0536 4760 [ E964EA70249DDE1343C8F694B52575EE ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
13:54:55.0543 4760 avgtp - ok
13:54:55.0559 4760 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
13:54:55.0568 4760 avgwd - ok
13:54:55.0723 4760 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
13:54:55.0733 4760 AVP - ok
13:54:55.0759 4760 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:54:55.0820 4760 AxInstSV - ok
13:54:55.0854 4760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:54:55.0894 4760 b06bdrv - ok
13:54:55.0926 4760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:54:55.0958 4760 b57nd60a - ok
13:54:56.0007 4760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:54:56.0016 4760 BDESVC - ok
13:54:56.0039 4760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:54:56.0080 4760 Beep - ok
13:54:56.0130 4760 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:54:56.0159 4760 BFE - ok
13:54:56.0177 4760 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:54:56.0219 4760 BITS - ok
13:54:56.0245 4760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:54:56.0268 4760 blbdrive - ok
13:54:56.0294 4760 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:54:56.0303 4760 bowser - ok
13:54:56.0313 4760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:54:56.0376 4760 BrFiltLo - ok
13:54:56.0386 4760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:54:56.0423 4760 BrFiltUp - ok
13:54:56.0458 4760 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:54:56.0486 4760 Browser - ok
13:54:56.0508 4760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:54:56.0550 4760 Brserid - ok
13:54:56.0575 4760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:54:56.0607 4760 BrSerWdm - ok
13:54:56.0626 4760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:54:56.0660 4760 BrUsbMdm - ok
13:54:56.0701 4760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:54:56.0714 4760 BrUsbSer - ok
13:54:56.0721 4760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:54:56.0755 4760 BTHMODEM - ok
13:54:56.0793 4760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:54:56.0832 4760 bthserv - ok
13:54:56.0861 4760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:54:56.0890 4760 cdfs - ok
13:54:56.0916 4760 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:54:56.0945 4760 cdrom - ok
13:54:56.0974 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:54:56.0998 4760 CertPropSvc - ok
13:54:57.0007 4760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:54:57.0041 4760 circlass - ok
13:54:57.0069 4760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:54:57.0079 4760 CLFS - ok
13:54:57.0131 4760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:57.0159 4760 clr_optimization_v2.0.50727_32 - ok
13:54:57.0205 4760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:54:57.0223 4760 clr_optimization_v2.0.50727_64 - ok
13:54:57.0266 4760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:57.0276 4760 clr_optimization_v4.0.30319_32 - ok
13:54:57.0287 4760 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:54:57.0296 4760 clr_optimization_v4.0.30319_64 - ok
13:54:57.0309 4760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:54:57.0324 4760 CmBatt - ok
13:54:57.0334 4760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:54:57.0347 4760 cmdide - ok
13:54:57.0370 4760 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:54:57.0386 4760 CNG - ok
13:54:57.0399 4760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:54:57.0410 4760 Compbatt - ok
13:54:57.0428 4760 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:54:57.0456 4760 CompositeBus - ok
13:54:57.0458 4760 COMSysApp - ok
13:54:57.0480 4760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:54:57.0492 4760 crcdisk - ok
13:54:57.0524 4760 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:54:57.0558 4760 CryptSvc - ok
13:54:57.0604 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:54:57.0662 4760 DcomLaunch - ok
13:54:57.0692 4760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:54:57.0739 4760 defragsvc - ok
13:54:57.0770 4760 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:54:57.0813 4760 DfsC - ok
13:54:57.0848 4760 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:54:57.0859 4760 Dhcp - ok
13:54:57.0868 4760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:54:57.0892 4760 discache - ok
13:54:57.0902 4760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:54:57.0910 4760 Disk - ok
13:54:57.0935 4760 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:54:57.0960 4760 Dnscache - ok
13:54:57.0989 4760 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:54:58.0013 4760 dot3svc - ok
13:54:58.0064 4760 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:54:58.0109 4760 DPS - ok
13:54:58.0135 4760 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:54:58.0171 4760 drmkaud - ok
13:54:58.0204 4760 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:54:58.0219 4760 DXGKrnl - ok
13:54:58.0252 4760 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:54:58.0276 4760 EapHost - ok
13:54:58.0328 4760 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:54:58.0401 4760 ebdrv - ok
13:54:58.0421 4760 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:54:58.0445 4760 EFS - ok
13:54:58.0478 4760 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:54:58.0491 4760 ehRecvr - ok
13:54:58.0515 4760 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:54:58.0527 4760 ehSched - ok
13:54:58.0550 4760 [ 44CE3346DBB530FB4A529854CC68DBFC ] EkaProt6 C:\Windows\system32\DRIVERS\ekaprot6.sys
13:54:58.0561 4760 EkaProt6 - ok
13:54:58.0584 4760 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:54:58.0605 4760 elxstor - ok
13:54:58.0623 4760 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:54:58.0654 4760 ErrDev - ok
13:54:58.0696 4760 [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
13:54:58.0718 4760 EtronHub3 - ok
13:54:58.0742 4760 [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
13:54:58.0765 4760 EtronXHCI - ok
13:54:58.0796 4760 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:54:58.0821 4760 EventSystem - ok
13:54:58.0833 4760 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:54:58.0864 4760 exfat - ok
13:54:58.0881 4760 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:54:58.0925 4760 fastfat - ok
13:54:58.0970 4760 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:54:59.0005 4760 Fax - ok
13:54:59.0029 4760 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:54:59.0042 4760 fdc - ok
13:54:59.0059 4760 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:54:59.0100 4760 fdPHost - ok
13:54:59.0122 4760 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:54:59.0170 4760 FDResPub - ok
13:54:59.0172 4760 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:54:59.0180 4760 FileInfo - ok
13:54:59.0219 4760 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:54:59.0276 4760 Filetrace - ok
13:54:59.0287 4760 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:54:59.0301 4760 flpydisk - ok
13:54:59.0305 4760 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:54:59.0314 4760 FltMgr - ok
13:54:59.0355 4760 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:54:59.0388 4760 FontCache - ok
13:54:59.0423 4760 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:54:59.0436 4760 FontCache3.0.0.0 - ok
13:54:59.0447 4760 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:54:59.0455 4760 FsDepends - ok
13:54:59.0469 4760 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:54:59.0476 4760 Fs_Rec - ok
13:54:59.0494 4760 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:54:59.0505 4760 fvevol - ok
13:54:59.0523 4760 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:54:59.0536 4760 gagp30kx - ok
13:54:59.0561 4760 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:54:59.0606 4760 gpsvc - ok
13:54:59.0630 4760 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:54:59.0657 4760 hcw85cir - ok
13:54:59.0699 4760 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:54:59.0711 4760 HdAudAddService - ok
13:54:59.0729 4760 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:54:59.0739 4760 HDAudBus - ok
13:54:59.0752 4760 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:54:59.0765 4760 HidBatt - ok
13:54:59.0778 4760 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:54:59.0790 4760 HidBth - ok
13:54:59.0804 4760 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:54:59.0819 4760 HidIr - ok
13:54:59.0833 4760 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:54:59.0872 4760 hidserv - ok
13:54:59.0894 4760 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:54:59.0903 4760 HidUsb - ok
13:54:59.0950 4760 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:55:00.0004 4760 hkmsvc - ok
13:55:00.0037 4760 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:55:00.0069 4760 HomeGroupListener - ok
13:55:00.0090 4760 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:55:00.0117 4760 HomeGroupProvider - ok
13:55:00.0149 4760 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:55:00.0163 4760 HpSAMD - ok
13:55:00.0187 4760 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:55:00.0231 4760 HTTP - ok
13:55:00.0248 4760 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:55:00.0255 4760 hwpolicy - ok
13:55:00.0269 4760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:00.0278 4760 i8042prt - ok
13:55:00.0294 4760 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:55:00.0313 4760 iaStorV - ok
13:55:00.0379 4760 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:55:00.0414 4760 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:55:00.0414 4760 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:55:00.0444 4760 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:00.0476 4760 idsvc - ok
13:55:00.0492 4760 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:55:00.0504 4760 iirsp - ok
13:55:00.0525 4760 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:55:00.0569 4760 IKEEXT - ok
13:55:00.0594 4760 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:55:00.0605 4760 intelide - ok
13:55:00.0620 4760 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:55:00.0630 4760 intelppm - ok
13:55:00.0646 4760 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:55:00.0669 4760 IPBusEnum - ok
13:55:00.0688 4760 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:00.0737 4760 IpFilterDriver - ok
13:55:00.0776 4760 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:55:00.0789 4760 iphlpsvc - ok
13:55:00.0804 4760 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:55:00.0815 4760 IPMIDRV - ok
13:55:00.0825 4760 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:55:00.0872 4760 IPNAT - ok
13:55:00.0894 4760 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:55:00.0925 4760 IRENUM - ok
13:55:00.0944 4760 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:55:00.0957 4760 isapnp - ok
13:55:00.0968 4760 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:55:00.0985 4760 iScsiPrt - ok
13:55:01.0020 4760 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
13:55:01.0030 4760 iusb3hub - ok
13:55:01.0047 4760 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
13:55:01.0061 4760 iusb3xhc - ok
13:55:01.0078 4760 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:01.0086 4760 kbdclass - ok
13:55:01.0126 4760 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:55:01.0165 4760 kbdhid - ok
13:55:01.0186 4760 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:55:01.0195 4760 KeyIso - ok
13:55:01.0251 4760 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
13:55:01.0263 4760 kl1 - ok
13:55:01.0334 4760 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
13:55:01.0346 4760 KLIF - ok
13:55:01.0406 4760 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
13:55:01.0413 4760 KLIM6 - ok
13:55:01.0450 4760 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
13:55:01.0457 4760 klkbdflt - ok
13:55:01.0472 4760 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
13:55:01.0479 4760 klmouflt - ok
13:55:01.0491 4760 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
13:55:01.0498 4760 kltdi - ok
13:55:01.0513 4760 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
13:55:01.0521 4760 kneps - ok
13:55:01.0554 4760 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:55:01.0561 4760 KSecDD - ok
13:55:01.0569 4760 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:55:01.0578 4760 KSecPkg - ok
13:55:01.0590 4760 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:55:01.0630 4760 ksthunk - ok
13:55:01.0659 4760 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:55:01.0694 4760 KtmRm - ok
13:55:01.0729 4760 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
13:55:01.0743 4760 L1C - ok
13:55:01.0763 4760 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:55:01.0804 4760 LanmanServer - ok
13:55:01.0828 4760 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:55:01.0873 4760 LanmanWorkstation - ok
13:55:01.0905 4760 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:55:01.0949 4760 lltdio - ok
13:55:01.0978 4760 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:55:02.0030 4760 lltdsvc - ok
13:55:02.0050 4760 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:55:02.0072 4760 lmhosts - ok
13:55:02.0090 4760 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:55:02.0104 4760 LSI_FC - ok
13:55:02.0107 4760 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:55:02.0121 4760 LSI_SAS - ok
13:55:02.0139 4760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:55:02.0152 4760 LSI_SAS2 - ok
13:55:02.0159 4760 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:55:02.0173 4760 LSI_SCSI - ok
13:55:02.0194 4760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:55:02.0216 4760 luafv - ok
13:55:02.0258 4760 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
13:55:02.0284 4760 McComponentHostService - ok
13:55:02.0307 4760 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:55:02.0323 4760 Mcx2Svc - ok
13:55:02.0336 4760 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:55:02.0343 4760 megasas - ok
13:55:02.0358 4760 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:55:02.0370 4760 MegaSR - ok
13:55:02.0402 4760 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:55:02.0409 4760 MEIx64 - ok
13:55:02.0428 4760 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:55:02.0473 4760 MMCSS - ok
13:55:02.0493 4760 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:55:02.0534 4760 Modem - ok
13:55:02.0561 4760 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:55:02.0588 4760 monitor - ok
13:55:02.0616 4760 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:55:02.0624 4760 mouclass - ok
13:55:02.0644 4760 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:55:02.0674 4760 mouhid - ok
13:55:02.0716 4760 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:55:02.0724 4760 mountmgr - ok
13:55:02.0761 4760 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:55:02.0783 4760 MozillaMaintenance - ok
13:55:02.0793 4760 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:55:02.0808 4760 mpio - ok
13:55:02.0824 4760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:55:02.0847 4760 mpsdrv - ok
13:55:02.0874 4760 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:55:02.0923 4760 MpsSvc - ok
13:55:02.0954 4760 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:55:02.0988 4760 MRxDAV - ok
13:55:03.0019 4760 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:55:03.0046 4760 mrxsmb - ok
13:55:03.0066 4760 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:55:03.0093 4760 mrxsmb10 - ok
13:55:03.0123 4760 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:55:03.0153 4760 mrxsmb20 - ok
13:55:03.0177 4760 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:55:03.0195 4760 msahci - ok
13:55:03.0222 4760 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:55:03.0244 4760 msdsm - ok
13:55:03.0256 4760 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:55:03.0276 4760 MSDTC - ok
13:55:03.0293 4760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:55:03.0321 4760 Msfs - ok
13:55:03.0339 4760 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:55:03.0378 4760 mshidkmdf - ok
13:55:03.0394 4760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:55:03.0402 4760 msisadrv - ok
13:55:03.0419 4760 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:55:03.0449 4760 MSiSCSI - ok
13:55:03.0451 4760 msiserver - ok
13:55:03.0473 4760 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:55:03.0500 4760 MSKSSRV - ok
13:55:03.0512 4760 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:55:03.0555 4760 MSPCLOCK - ok
13:55:03.0574 4760 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:55:03.0617 4760 MSPQM - ok
13:55:03.0648 4760 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:55:03.0658 4760 MsRPC - ok
13:55:03.0668 4760 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:55:03.0675 4760 mssmbios - ok
13:55:03.0687 4760 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:55:03.0737 4760 MSTEE - ok
13:55:03.0756 4760 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:55:03.0768 4760 MTConfig - ok
13:55:03.0782 4760 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:55:03.0790 4760 Mup - ok
13:55:03.0809 4760 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:55:03.0853 4760 napagent - ok
13:55:03.0882 4760 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:55:03.0912 4760 NativeWifiP - ok
13:55:03.0949 4760 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:55:03.0965 4760 NDIS - ok
13:55:03.0997 4760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:55:04.0020 4760 NdisCap - ok
13:55:04.0057 4760 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:55:04.0119 4760 NdisTapi - ok
13:55:04.0159 4760 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:55:04.0182 4760 Ndisuio - ok
13:55:04.0202 4760 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:55:04.0243 4760 NdisWan - ok
13:55:04.0274 4760 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:55:04.0315 4760 NDProxy - ok
13:55:04.0349 4760 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:55:04.0436 4760 NetBIOS - ok
13:55:04.0467 4760 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:55:04.0555 4760 NetBT - ok
13:55:04.0599 4760 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:55:04.0616 4760 Netlogon - ok
13:55:04.0638 4760 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:55:04.0691 4760 Netman - ok
13:55:04.0698 4760 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:55:04.0782 4760 netprofm - ok
13:55:04.0828 4760 [ 53D7442AA919C91D055DBD44635F32B1 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
13:55:04.0848 4760 netr28ux - ok
13:55:04.0869 4760 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:55:04.0878 4760 NetTcpPortSharing - ok
13:55:04.0902 4760 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:55:04.0914 4760 nfrd960 - ok
13:55:04.0931 4760 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:55:04.0965 4760 NlaSvc - ok
13:55:05.0012 4760 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
13:55:05.0019 4760 NPF - ok
13:55:05.0023 4760 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:55:05.0062 4760 Npfs - ok
13:55:05.0091 4760 npggsvc - ok
13:55:05.0113 4760 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:55:05.0174 4760 nsi - ok
13:55:05.0186 4760 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:55:05.0233 4760 nsiproxy - ok
13:55:05.0275 4760 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:55:05.0315 4760 Ntfs - ok
13:55:05.0322 4760 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:55:05.0358 4760 Null - ok
13:55:05.0405 4760 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:55:05.0420 4760 nvraid - ok
13:55:05.0428 4760 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:55:05.0439 4760 nvstor - ok
13:55:05.0446 4760 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:55:05.0461 4760 nv_agp - ok
13:55:05.0474 4760 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:55:05.0499 4760 ohci1394 - ok
13:55:05.0523 4760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:55:05.0534 4760 p2pimsvc - ok
13:55:05.0548 4760 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:55:05.0559 4760 p2psvc - ok
13:55:05.0577 4760 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:55:05.0592 4760 Parport - ok
13:55:05.0609 4760 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:55:05.0617 4760 partmgr - ok
13:55:05.0629 4760 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:55:05.0663 4760 PcaSvc - ok
13:55:05.0687 4760 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:55:05.0696 4760 pci - ok
13:55:05.0699 4760 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:55:05.0706 4760 pciide - ok
13:55:05.0725 4760 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:55:05.0742 4760 pcmcia - ok
13:55:05.0755 4760 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:55:05.0763 4760 pcw - ok
13:55:05.0778 4760 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:55:05.0814 4760 PEAUTH - ok
13:55:05.0864 4760 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:55:05.0913 4760 PerfHost - ok
13:55:06.0032 4760 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:55:06.0091 4760 pla - ok
13:55:06.0133 4760 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:55:06.0144 4760 PlugPlay - ok
13:55:06.0156 4760 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:55:06.0184 4760 PNRPAutoReg - ok
13:55:06.0214 4760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:55:06.0226 4760 PNRPsvc - ok
13:55:06.0250 4760 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:55:06.0262 4760 Point64 - ok
13:55:06.0278 4760 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:55:06.0325 4760 PolicyAgent - ok
13:55:06.0349 4760 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:55:06.0395 4760 Power - ok
13:55:06.0432 4760 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:55:06.0488 4760 PptpMiniport - ok
13:55:06.0505 4760 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:55:06.0535 4760 Processor - ok
13:55:06.0580 4760 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:55:06.0607 4760 ProfSvc - ok
13:55:06.0630 4760 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:55:06.0639 4760 ProtectedStorage - ok
13:55:06.0668 4760 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:55:06.0710 4760 Psched - ok
13:55:06.0763 4760 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:55:06.0822 4760 ql2300 - ok
13:55:06.0836 4760 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:55:06.0846 4760 ql40xx - ok
13:55:06.0862 4760 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:55:06.0874 4760 QWAVE - ok
13:55:06.0884 4760 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:55:06.0910 4760 QWAVEdrv - ok
13:55:06.0970 4760 [ 3FC8252625F2574036777D2981F839EE ] RalinkRegistryWriter C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
13:55:06.0978 4760 RalinkRegistryWriter - ok
13:55:07.0005 4760 [ 3A6F58A249DF7466F9844F70499627F7 ] RalinkRegistryWriter64 C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
13:55:07.0014 4760 RalinkRegistryWriter64 - ok
13:55:07.0021 4760 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:55:07.0048 4760 RasAcd - ok
13:55:07.0074 4760 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:55:07.0116 4760 RasAgileVpn - ok
13:55:07.0130 4760 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:55:07.0175 4760 RasAuto - ok
13:55:07.0197 4760 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:55:07.0237 4760 Rasl2tp - ok
13:55:07.0268 4760 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:55:07.0293 4760 RasMan - ok
13:55:07.0304 4760 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:55:07.0347 4760 RasPppoe - ok
13:55:07.0368 4760 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:55:07.0426 4760 RasSstp - ok
13:55:07.0458 4760 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:55:07.0483 4760 rdbss - ok
13:55:07.0493 4760 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:55:07.0507 4760 rdpbus - ok
13:55:07.0513 4760 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:55:07.0535 4760 RDPCDD - ok
13:55:07.0551 4760 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:55:07.0572 4760 RDPENCDD - ok
13:55:07.0581 4760 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:55:07.0603 4760 RDPREFMP - ok
13:55:07.0621 4760 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:55:07.0649 4760 RDPWD - ok
13:55:07.0672 4760 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:55:07.0681 4760 rdyboost - ok
13:55:07.0701 4760 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:55:07.0742 4760 RemoteAccess - ok
13:55:07.0763 4760 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:55:07.0807 4760 RemoteRegistry - ok
13:55:07.0842 4760 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
13:55:07.0851 4760 rpcapd - ok
13:55:07.0874 4760 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:55:07.0898 4760 RpcEptMapper - ok
13:55:07.0906 4760 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:55:07.0938 4760 RpcLocator - ok
13:55:07.0961 4760 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:55:07.0986 4760 RpcSs - ok
13:55:08.0026 4760 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:55:08.0049 4760 rspndr - ok
13:55:08.0079 4760 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:55:08.0088 4760 SamSs - ok
13:55:08.0104 4760 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:55:08.0114 4760 sbp2port - ok
13:55:08.0132 4760 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:55:08.0174 4760 SCardSvr - ok
13:55:08.0205 4760 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:55:08.0244 4760 scfilter - ok
13:55:08.0280 4760 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:55:08.0328 4760 Schedule - ok
13:55:08.0356 4760 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:55:08.0378 4760 SCPolicySvc - ok
13:55:08.0397 4760 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:55:08.0427 4760 SDRSVC - ok
13:55:08.0453 4760 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:55:08.0493 4760 secdrv - ok
13:55:08.0513 4760 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:55:08.0535 4760 seclogon - ok
13:55:08.0559 4760 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:55:08.0582 4760 SENS - ok
13:55:08.0590 4760 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:55:08.0611 4760 SensrSvc - ok
13:55:08.0627 4760 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:55:08.0661 4760 Serenum - ok
13:55:08.0697 4760 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:55:08.0725 4760 Serial - ok
13:55:08.0755 4760 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:55:08.0786 4760 sermouse - ok
13:55:08.0817 4760 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:55:08.0841 4760 SessionEnv - ok
13:55:08.0856 4760 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:55:08.0894 4760 sffdisk - ok
13:55:08.0918 4760 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:55:08.0932 4760 sffp_mmc - ok
13:55:08.0939 4760 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:55:08.0970 4760 sffp_sd - ok
13:55:08.0993 4760 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:55:09.0026 4760 sfloppy - ok
13:55:09.0085 4760 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:55:09.0116 4760 SharedAccess - ok
13:55:09.0127 4760 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:55:09.0169 4760 ShellHWDetection - ok
13:55:09.0187 4760 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:55:09.0198 4760 SiSRaid2 - ok
13:55:09.0211 4760 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:55:09.0220 4760 SiSRaid4 - ok
13:55:09.0297 4760 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:55:09.0410 4760 Skype C2C Service - ok
13:55:09.0449 4760 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:55:09.0526 4760 SkypeUpdate - ok
13:55:09.0552 4760 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:55:09.0593 4760 Smb - ok
13:55:09.0640 4760 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:55:09.0695 4760 SNMPTRAP - ok
13:55:09.0730 4760 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:55:09.0737 4760 spldr - ok
13:55:09.0852 4760 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:55:09.0891 4760 Spooler - ok
13:55:09.0948 4760 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:55:10.0003 4760 sppsvc - ok
13:55:10.0024 4760 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:55:10.0085 4760 sppuinotify - ok
13:55:10.0122 4760 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:55:10.0151 4760 srv - ok
13:55:10.0188 4760 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:55:10.0215 4760 srv2 - ok
13:55:10.0244 4760 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:55:10.0278 4760 srvnet - ok
13:55:10.0313 4760 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
13:55:10.0326 4760 ssadbus - ok
13:55:10.0334 4760 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:55:10.0343 4760 ssadmdfl - ok
13:55:10.0355 4760 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
13:55:10.0392 4760 ssadmdm - ok
13:55:10.0422 4760 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
13:55:10.0454 4760 ssadserd - ok
13:55:10.0475 4760 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:55:10.0524 4760 SSDPSRV - ok
13:55:10.0546 4760 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:55:10.0569 4760 SstpSvc - ok
13:55:10.0585 4760 Steam Client Service - ok
13:55:10.0599 4760 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:55:10.0610 4760 stexstor - ok
13:55:10.0661 4760 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:55:10.0710 4760 stisvc - ok
13:55:10.0732 4760 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:55:10.0740 4760 swenum - ok
13:55:10.0758 4760 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:55:10.0799 4760 swprv - ok
13:55:10.0851 4760 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:55:10.0892 4760 SysMain - ok
13:55:10.0928 4760 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:55:10.0942 4760 TabletInputService - ok
13:55:10.0956 4760 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:55:10.0998 4760 TapiSrv - ok
13:55:11.0017 4760 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:55:11.0056 4760 TBS - ok
13:55:11.0125 4760 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:55:11.0166 4760 Tcpip - ok
13:55:11.0200 4760 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:55:11.0225 4760 TCPIP6 - ok
13:55:11.0238 4760 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:55:11.0264 4760 tcpipreg - ok
13:55:11.0287 4760 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:55:11.0316 4760 TDPIPE - ok
13:55:11.0344 4760 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:55:11.0357 4760 TDTCP - ok
13:55:11.0388 4760 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:55:11.0410 4760 tdx - ok
13:55:11.0421 4760 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:55:11.0429 4760 TermDD - ok
13:55:11.0447 4760 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:55:11.0474 4760 TermService - ok
13:55:11.0487 4760 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:55:11.0514 4760 Themes - ok
13:55:11.0544 4760 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:55:11.0567 4760 THREADORDER - ok
13:55:11.0586 4760 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
13:55:11.0614 4760 TlntSvr - ok
13:55:11.0652 4760 [ 25F16B72A7CC494EAC01A90A44218456 ] TpMediaServer C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
13:55:11.0666 4760 TpMediaServer - ok
13:55:11.0676 4760 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:55:11.0700 4760 TrkWks - ok
13:55:11.0730 4760 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:55:11.0761 4760 TrustedInstaller - ok
13:55:11.0783 4760 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:55:11.0805 4760 tssecsrv - ok
13:55:11.0848 4760 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:55:11.0878 4760 TsUsbFlt - ok
13:55:11.0915 4760 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:55:11.0955 4760 tunnel - ok
13:55:11.0991 4760 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:55:12.0013 4760 uagp35 - ok
13:55:12.0060 4760 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:55:12.0095 4760 udfs - ok
13:55:12.0151 4760 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:55:12.0180 4760 UI0Detect - ok
13:55:12.0215 4760 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:55:12.0224 4760 uliagpkx - ok
13:55:12.0253 4760 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:55:12.0284 4760 umbus - ok
13:55:12.0304 4760 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:55:12.0314 4760 UmPass - ok
13:55:12.0339 4760 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:55:12.0382 4760 upnphost - ok
13:55:12.0407 4760 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:55:12.0435 4760 usbccgp - ok
13:55:12.0453 4760 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:55:12.0486 4760 usbcir - ok
13:55:12.0508 4760 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:55:12.0536 4760 usbehci - ok
13:55:12.0558 4760 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:55:12.0587 4760 usbhub - ok
13:55:12.0604 4760 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:55:12.0633 4760 usbohci - ok
13:55:12.0655 4760 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:55:12.0690 4760 usbprint - ok
13:55:12.0710 4760 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:55:12.0719 4760 USBSTOR - ok
13:55:12.0729 4760 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:55:12.0778 4760 usbuhci - ok
13:55:12.0804 4760 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:55:12.0848 4760 UxSms - ok
13:55:12.0874 4760 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:55:12.0883 4760 VaultSvc - ok
13:55:12.0932 4760 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:55:12.0940 4760 vdrvroot - ok
13:55:12.0961 4760 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:55:13.0003 4760 vds - ok
13:55:13.0025 4760 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:55:13.0040 4760 vga - ok
13:55:13.0067 4760 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:55:13.0090 4760 VgaSave - ok
13:55:13.0106 4760 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:55:13.0115 4760 vhdmp - ok
13:55:13.0123 4760 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:55:13.0135 4760 viaide - ok
13:55:13.0145 4760 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:55:13.0153 4760 volmgr - ok
13:55:13.0172 4760 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:55:13.0183 4760 volmgrx - ok
13:55:13.0197 4760 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:55:13.0206 4760 volsnap - ok
13:55:13.0230 4760 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:55:13.0244 4760 vsmraid - ok
13:55:13.0288 4760 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:55:13.0323 4760 VSS - ok
13:55:13.0336 4760 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:55:13.0346 4760 vwifibus - ok
13:55:13.0354 4760 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:55:13.0392 4760 vwififlt - ok
13:55:13.0434 4760 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:55:13.0472 4760 vwifimp - ok
13:55:13.0513 4760 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:55:13.0556 4760 W32Time - ok
13:55:13.0580 4760 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:55:13.0608 4760 WacomPen - ok
13:55:13.0644 4760 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:55:13.0689 4760 WANARP - ok
13:55:13.0707 4760 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:55:13.0730 4760 Wanarpv6 - ok
13:55:13.0753 4760 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:55:13.0786 4760 wbengine - ok
13:55:13.0791 4760 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:55:13.0804 4760 WbioSrvc - ok
13:55:13.0834 4760 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:55:13.0848 4760 wcncsvc - ok
13:55:13.0861 4760 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:55:13.0870 4760 WcsPlugInService - ok
13:55:13.0881 4760 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:55:13.0889 4760 Wd - ok
13:55:13.0926 4760 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:55:13.0940 4760 Wdf01000 - ok
13:55:13.0950 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:55:14.0005 4760 WdiServiceHost - ok
13:55:14.0009 4760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:55:14.0022 4760 WdiSystemHost - ok
13:55:14.0056 4760 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:55:14.0088 4760 WebClient - ok
13:55:14.0114 4760 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:55:14.0159 4760 Wecsvc - ok
13:55:14.0185 4760 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:55:14.0226 4760 wercplsupport - ok
13:55:14.0259 4760 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:55:14.0282 4760 WerSvc - ok
13:55:14.0291 4760 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:55:14.0313 4760 WfpLwf - ok
13:55:14.0325 4760 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:55:14.0333 4760 WIMMount - ok
13:55:14.0346 4760 WinDefend - ok
13:55:14.0349 4760 WinHttpAutoProxySvc - ok
13:55:14.0380 4760 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:55:14.0404 4760 Winmgmt - ok
13:55:14.0441 4760 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:55:14.0477 4760 WinRM - ok
13:55:14.0498 4760 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:55:14.0517 4760 Wlansvc - ok
13:55:14.0535 4760 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:55:14.0568 4760 WmiAcpi - ok
13:55:14.0596 4760 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:55:14.0624 4760 wmiApSrv - ok
13:55:14.0648 4760 WMPNetworkSvc - ok
13:55:14.0665 4760 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:55:14.0674 4760 WPCSvc - ok
13:55:14.0696 4760 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:55:14.0707 4760 WPDBusEnum - ok
13:55:14.0715 4760 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:55:14.0760 4760 ws2ifsl - ok
13:55:14.0783 4760 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:55:14.0817 4760 wscsvc - ok
13:55:14.0819 4760 WSearch - ok
13:55:14.0894 4760 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:55:14.0944 4760 wuauserv - ok
13:55:14.0960 4760 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:55:14.0972 4760 WudfPf - ok
13:55:15.0003 4760 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:55:15.0015 4760 WUDFRd - ok
13:55:15.0023 4760 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:55:15.0050 4760 wudfsvc - ok
13:55:15.0070 4760 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:55:15.0102 4760 WwanSvc - ok
13:55:15.0125 4760 ================ Scan global ===============================
13:55:15.0143 4760 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:55:15.0169 4760 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:15.0177 4760 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:55:15.0201 4760 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:55:15.0214 4760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:55:15.0217 4760 [Global] - ok
13:55:15.0217 4760 ================ Scan MBR ==================================
13:55:15.0227 4760 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:55:15.0303 4760 \Device\Harddisk0\DR0 - ok
13:55:15.0306 4760 [ 0FC924A0DCA9AE3DECE7129BEE4D474B ] \Device\Harddisk1\DR1
13:55:18.0687 4760 \Device\Harddisk1\DR1 - ok
13:55:18.0687 4760 ================ Scan VBR ==================================
13:55:18.0707 4760 [ 54ED33547CC659018B00F5002531AD76 ] \Device\Harddisk0\DR0\Partition1
13:55:18.0707 4760 \Device\Harddisk0\DR0\Partition1 - ok
13:55:18.0713 4760 [ 8ACA1D6651261D00377F09D39DE6554B ] \Device\Harddisk0\DR0\Partition2
13:55:18.0714 4760 \Device\Harddisk0\DR0\Partition2 - ok
13:55:18.0719 4760 [ 3059E20963AFA8B418CCBC82DAB956C9 ] \Device\Harddisk0\DR0\Partition3
13:55:18.0721 4760 \Device\Harddisk0\DR0\Partition3 - ok
13:55:18.0721 4760 ============================================================
13:55:18.0721 4760 Scan finished
13:55:18.0721 4760 ============================================================
13:55:18.0727 2868 Detected object count: 1
13:55:18.0727 2868 Actual detected object count: 1
13:55:24.0800 2868 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:24.0800 2868 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.12.2012, 14:26
| #6 | |
| /// Malware-holic | Pc / INternet langsam Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Pc / INternet langsam |
|
21.12.2012, 15:23
| #7 |
| | Pc / INternet langsamCode:
ATTFilter ComboFix 12-12-20.02 - Dustin 21.12.2012 15:08:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8154.6585 [GMT 1:00]
ausgeführt von:: c:\users\Dustin\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\explorer (2).exe
c:\program files (x86)\RelevantKnowledge\explorer.exe
c:\users\Dustin\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-21 11:59 . 2012-12-21 11:59 -------- d-----w- C:\_OTL
2012-12-21 08:31 . 2012-12-21 08:31 388096 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-21 08:31 . 2012-12-21 08:31 -------- d-----w- c:\program files (x86)\Trend Micro
2012-12-21 08:26 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:26 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 08:26 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:26 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 08:19 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-12-21 08:18 . 2012-12-21 08:18 -------- d-----w- c:\windows\ELAMBKUP
2012-12-21 08:18 . 2012-12-21 14:12 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-21 08:18 . 2012-12-21 08:18 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-12-21 08:18 . 2012-12-21 08:40 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-12-21 08:18 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-12-21 07:25 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4453D7B-E248-421F-BB95-21116704D11D}\mpengine.dll
2012-12-15 18:57 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-15 18:57 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-15 18:57 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-10 18:39 . 2012-12-10 18:39 -------- d-----w- c:\users\Dustin\AppData\Roaming\Audio Recorder for Free
2012-12-10 18:38 . 2012-12-10 18:38 -------- d-----w- c:\program files (x86)\Audio Recorder for Free
2012-12-10 18:38 . 2005-05-18 10:52 1212416 ----a-w- c:\windows\SysWow64\NCTAudioInformation2.dll
2012-12-10 18:38 . 2005-05-17 11:37 1986560 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll
2012-12-10 18:38 . 2005-04-25 12:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioRecord2.dll
2012-12-10 18:38 . 2005-04-25 12:01 458752 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll
2012-12-10 18:38 . 2005-04-15 11:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
2012-12-10 18:38 . 2005-04-04 16:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
2012-12-10 18:38 . 2005-03-28 14:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
2012-12-10 18:38 . 2005-03-28 14:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
2012-12-10 18:38 . 2005-02-24 10:51 348160 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll
2012-12-10 18:38 . 2004-11-04 12:31 835584 ----a-w- c:\windows\SysWow64\NCTAudioCDGrabber2.dll
2012-12-10 18:38 . 2002-01-05 15:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-12-09 12:38 . 2012-12-09 12:46 -------- d-----w- c:\users\Dustin\Ekahau Site Survey
2012-12-09 12:36 . 2012-12-09 12:36 -------- d-----w- c:\program files\Ekahau
2012-11-29 19:33 . 2012-11-29 19:33 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-11-28 17:49 . 2012-05-31 11:25 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-21 08:40 . 2012-07-25 13:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-12-21 08:40 . 2012-06-08 10:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-12-21 08:40 . 2012-05-25 18:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-12-15 20:51 . 2012-07-03 06:42 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 20:49 . 2012-07-03 13:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 20:49 . 2012-07-03 13:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-02 14:38 . 2012-11-02 14:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 14:38 . 2012-11-02 14:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 13:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:33 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 22:01 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 22:01 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 22:01 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 22:01 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 02:32 . 2012-10-05 02:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-15 18:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 22:01 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 22:01 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 22:01 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 22:01 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 22:01 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 22:01 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 22:01 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 22:01 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 22:01 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 22:01 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 22:01 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 01:30 . 2012-10-02 01:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-28 21:32 . 2012-09-28 21:32 2177688 ----a-w- c:\windows\system32\coin92.dll
2012-09-25 22:47 . 2012-11-15 22:00 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 22:00 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
"Spotify Web Helper"="c:\users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-12-21 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe [2012-9-5 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-01 1340976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [2011-03-14 619872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-12-21 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2012-03-23 27288]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [2011-03-14 451936]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-12-21 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-12-21 29528]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://rautemusik-club.radio.de/
FF - prefs.js: network.proxy.ftp - 213.197.182.78
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 213.197.182.78
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 213.197.182.78
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-09 22:01; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-11-24 09:41; stealthyextension@gmail.com; c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\extensions\stealthyextension@gmail.com.xpi
FF - ExtSQL: 2012-12-21 09:18; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-12-21 09:18; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-12-21 09:18; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\TP-LINK\COMMON\RaRegistry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-21 15:18:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-21 14:18
.
Vor Suchlauf: 9 Verzeichnis(se), 750.055.473.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 749.927.976.960 Bytes frei
.
- - End Of File - - AEAD7CB9BACB2EF42906EEE7FBF4684E
|
|
21.12.2012, 15:35
| #8 |
| /// Malware-holic | Pc / INternet langsam Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 17:04
| #9 |
| | Pc / INternet langsamCode:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dustin :: DUSTIN-PC [Administrator] 21.12.2012 16:14:40 mbam-log-2012-12-21 (16-14-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 363029 Laufzeit: 31 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\explorer (2).exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\explorer.exe.vir (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
21.12.2012, 17:12
| #10 |
| /// Malware-holic | Pc / INternet langsam Hi, lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. öffnen, Tools,uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 19:01
| #11 |
| | Pc / INternet langsam Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 notwedig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 notwedig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 30.08.2012 121MB 10.1.4 notwedig ATI Catalyst Install Manager ATI Technologies, Inc. 03.07.2012 22,1MB 3.0.758.0 Notwedig Audio Recorder for Free v12.9.8 Copyright(C) 2006-2012 AudioToolMedia Software. 10.12.2012 23,5MB ? AVG 2013 AVG Technologies 08.11.2012 2013.0.2793 notwedig ? ( eventuell bessere ? ) CCleaner Piriform 25.11.2012 3.25 Notwendig Cisco EAP-FAST Module Cisco Systems, Inc. 05.09.2012 1,55MB 2.2.14 ? Cisco LEAP Module Cisco Systems, Inc. 05.09.2012 644KB 1.0.19 ? Cisco PEAP Module Cisco Systems, Inc. 05.09.2012 1,23MB 1.1.6 ? Ekahau HeatMapper Ekahau Inc. 09.12.2012 131MB 1.1.4.39795 notwedig Flyff Gala Networks Europe Limited 09.11.2012 Flyff notwedig HiJackThis Trend Micro 21.12.2012 369KB 1.0.0 nicht notwedig ICQ7M ICQ 22.07.2012 7.8 notwedig Java 7 Update 6 Oracle 30.08.2012 128MB 7.0.60 (denke) notwedig Kaspersky Anti-Virus 2013 Kaspersky Lab 21.12.2012 13.0.1.4190 heute installliert für virus League of Legends Riot Games 03.07.2012 1.3 notwedig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 21.12.2012 19,4MB 1.65.1.1000 heute installiert McAfee Security Scan Plus McAfee, Inc. 31.08.2012 10,2MB 3.0.207.4 nicht notwedig ? Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.07.2012 38,8MB 4.0.30320 ???? Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.07.2012 2,93MB 4.0.30320 ???? Microsoft Office Excel Viewer Microsoft Corporation 04.11.2012 71,0MB 12.0.6219.1000 notwedig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 05.09.2012 90,8MB 12.0.4518.1014 ???? Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.07.2012 428KB 8.0.56336 ???? Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 03.07.2012 780KB 9.0.30729.4148 ???? Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.07.2012 240KB 9.0.30729 ???? Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03.07.2012 596KB 9.0.30729.4148 ???? Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.10.2012 11,1MB 10.0.40219 ???? Microsoft-Maus- und Tastatur-Center Microsoft Corporation 29.11.2012 2.0.162.0 nicht notwedig Mozilla Firefox 17.0.1 (x86 de) Mozilla 07.12.2012 46,3MB 17.0.1 notwedig Mozilla Maintenance Service Mozilla 07.12.2012 329KB 17.0.1 ???? Pando Media Booster Pando Networks Inc. 31.08.2012 5,46MB 2.6.0.8 notwedig Realtek Ethernet Controller Driver Realtek 03.07.2012 7.49.927.2011 ?`????? Samsung Kies Samsung Electronics Co., Ltd. 27.07.2012 210MB 2.3.2.12064_9 notwedig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 27.07.2012 42,9MB 1.5.6.0 notwedig Skype Click to Call Skype Technologies S.A. 22.08.2012 29,2MB 6.2.10687 notwedig Skype™ 5.10 Skype Technologies S.A. 22.08.2012 19,4MB 5.10.116 notwedig Spotify Spotify AB 27.10.2012 0.8.5.1333.g822e0de8 notwedig StarCraft II Blizzard Entertainment 27.10.2012 1.5.3.23260 notwedig Steam Valve 23.07.2012 42,1MB 1.0.0.0 notwedig TeamSpeak 3 Client TeamSpeak Systems GmbH 31.08.2012 3.0.8.1 notwedig Technitium MAC Address Changer v6.0.3 Technitium 31.08.2012 6.0.3 notwedig TP-LINK Wireless Client Utility TP-LINK 05.09.2012 1.0.0.0 notwedig Visual Studio 2008 x64 Redistributables AVG Technologies 03.07.2012 11,7MB 10.0.0.2 ????? Visual Studio 2010 x64 Redistributables AVG Technologies 26.10.2012 12,4MB 13.0.0.1 ?????? Warcraft III Blizzard Entertainment 31.08.2012 notwedig Windows Media Player Firefox Plugin Microsoft Corp 31.08.2012 296KB 1.0.0.8 notwedig WinPcap 4.1.2 CACE Technologies 31.08.2012 4.1.0.2001 ??????? WinRAR 4.20 (32-Bit) win.rar GmbH 31.08.2012 4.20.0 notwedig Wireshark 1.8.1 (32-bit) The Wireshark developer community, hxxp://www.wireshark.org 31.08.2012 83,5MB 1.8.1 ? ?????? |
|
21.12.2012, 19:06
| #12 |
| /// Malware-holic | Pc / INternet langsam Hi deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Audio Recorder HiJackThis : finger weg von HJT unter win7 das Programm wird nicht mehr weiterentwickelt, und es kann zu Fehlern bei der Analyse kommen Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: McAfee WinPcap Wireshark Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 21:31
| #13 |
| | Pc / INternet langsamCode:
ATTFilter # AdwCleaner v2.101 - Datei am 21/12/2012 um 21:30:46 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dustin - DUSTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dustin\Downloads\adwcleaner(1).exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\Users\Dustin\AppData\LocalLow\Searchqutoolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\prefs.js
Gefunden : user_pref("CT3242337.1000082.isPlayDisplay", "true");
Gefunden : user_pref("CT3242337.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gefunden : user_pref("CT3242337.1000234.TWC_TMP_city", "");
Gefunden : user_pref("CT3242337.1000234.TWC_TMP_country", "DE");
Gefunden : user_pref("CT3242337.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT3242337.FirstTime", "true");
Gefunden : user_pref("CT3242337.FirstTimeFF3", "true");
Gefunden : user_pref("CT3242337.UserID", "UN15653781204450368");
Gefunden : user_pref("CT3242337.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT3242337.embeddedsData", "[{\"appId\":\"129888260050636624\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT3242337.enableAlerts", "never");
Gefunden : user_pref("CT3242337.event_data", "%5B%5D");
Gefunden : user_pref("CT3242337.fired_events", "");
Gefunden : user_pref("CT3242337.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT3242337.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT3242337.fixUrls", true);
Gefunden : user_pref("CT3242337.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.isNewTabEnabled", true);
Gefunden : user_pref("CT3242337.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT3242337.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT3242337.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.key_date", "23");
Gefunden : user_pref("CT3242337.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforum.sysprofile[...]
Gefunden : user_pref("CT3242337.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.search.searchAppId", "129888260050636624");
Gefunden : user_pref("CT3242337.search.searchCount", "0");
Gefunden : user_pref("CT3242337.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT3242337.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT3242337.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT3242337.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345146818965");
Gefunden : user_pref("CT3242337.serviceLayer_services_appTracking_lastUpdate", "1345146821967");
Gefunden : user_pref("CT3242337.serviceLayer_services_appsMetadata_lastUpdate", "1345671662218");
Gefunden : user_pref("CT3242337.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345146820870");
Gefunden : user_pref("CT3242337.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345585747206");
Gefunden : user_pref("CT3242337.serviceLayer_services_login_10.10.27.6_lastUpdate", "1345735754050");
Gefunden : user_pref("CT3242337.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13456[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13456[...]
Gefunden : user_pref("CT3242337.serviceLayer_services_optimizer_lastUpdate", "1345671662991");
Gefunden : user_pref("CT3242337.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345146820895");
Gefunden : user_pref("CT3242337.serviceLayer_services_searchAPI_lastUpdate", "1345670667824");
Gefunden : user_pref("CT3242337.serviceLayer_services_serviceMap_lastUpdate", "1345735753517");
Gefunden : user_pref("CT3242337.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345146820792");
Gefunden : user_pref("CT3242337.serviceLayer_services_toolbarSettings_lastUpdate", "1345735753604");
Gefunden : user_pref("CT3242337.serviceLayer_services_translation_lastUpdate", "1345735753665");
Gefunden : user_pref("CT3242337.settingsINI", true);
Gefunden : user_pref("CT3242337.smartbar.CTID", "CT3242337");
Gefunden : user_pref("CT3242337.smartbar.Uninstall", "0");
Gefunden : user_pref("CT3242337.smartbar.toolbarName", "WiseConvert 1.3 ");
Gefunden : user_pref("CT3242337.toolbarBornServerTime", "16-8-2012");
Gefunden : user_pref("CT3242337.toolbarCurrentServerTime", "23-8-2012");
Gefunden : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.0.5");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R2].txt - [12268 octets] - [21/12/2012 21:30:46]
AdwCleaner[S1].txt - [13162 octets] - [24/08/2012 22:32:55]
AdwCleaner[S2].txt - [1142 octets] - [24/08/2012 22:42:54]
########## EOF - C:\AdwCleaner[R2].txt - [12450 octets] ##########
|
|
21.12.2012, 22:11
| #14 |
| /// Malware-holic | Pc / INternet langsam Hi,
Neustarten, teste bitte, wie der PC und Programme laufen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Pc / INternet langsam |
| adobe, autorun, avg, avg secure search, bho, desktop, explorer, firefox, flash player, format, hijack, home, internet, internet langsam, kaspersky, langsam, logfile, mozilla, object, plug-in, port, scan, secure search, security, software, spotify web helper, tastatur, temp, windows |
Linear-Darstellung
