
Pests of all kinds and how to fight them: hijackthis editor file created, what now?

04.02.2013, 19:54   #1
yazid

After a lot of research I have come to the conclusion that my browsers are running so slowly because I have a trojan on the computer...

HijackThis created the following editor file for me, see attachment... what happens next? Which entries do I have to "fix"??

Please help me :-) Many thanks in advance!!!
Attached files
File type: log hijackthis.log (11.2 KB, viewed 150 times)

04.02.2013, 21:41   #2
markusg
/// Malware-holic


Hi,
you can forget about HijackThis right away; it is no longer being developed and is therefore no longer used.

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

04.02.2013, 23:12   #3
yazid


Thank you very, very much for your support :-)

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 04/02/2013 22:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
1,87 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 33,17% Memory free
3,74 Gb Paging File | 2,43 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 152,31 Gb Free Space | 65,43% Space Free | Partition Type: NTFS
 
Computer Name: JULIUS | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/04 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\J\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/06/08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2012/04/13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/12/16 12:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/27 19:09:08 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
PRC - [2010/04/26 12:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/20 12:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/04/20 12:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/04/20 12:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2009/08/07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/01/27 19:09:08 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/01 13:06:52 | 002,278,912 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\QtCore4.dll
MOD - [2010/09/10 15:07:26 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
MOD - [2010/09/10 12:20:48 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\QtGui4.dll
MOD - [2010/09/10 12:06:58 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\QtSql4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/04/11 15:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/10/09 11:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/19 11:37:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 07:12:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/08 16:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/05/11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/04/13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/07/12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/08/25 02:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/04/20 12:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 12:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/03/05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/08/07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/11/16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/11 15:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/27 02:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/27 13:49:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 02:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/22 16:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 21:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/11/27 16:45:06 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/09 11:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 11:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/28 14:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 03:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/18 13:23:42 | 000,143,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/05/07 20:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001/08/18 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\winsock.dll -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 39 E0 E9 BE 00 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/02 10:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 11:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/11 16:34:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/11 16:34:24 | 000,000,000 | ---D | M]
 
[2011/01/14 19:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Extensions
[2011/01/14 19:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/03 19:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions
[2012/09/23 13:19:45 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\vs35w62k.Geheim\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013/02/02 08:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions
[2012/12/19 18:41:14 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions\zotero@chnm.gmu.edu
[2013/01/27 19:48:26 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\Profiles\xhtgp919.default\extensions\zoteroWinWordIntegration@zotero.org
[2011/10/17 09:16:46 | 000,002,548 | ---- | M] () -- C:\Users\J\AppData\Roaming\mozilla\firefox\profiles\xhtgp919.default\searchplugins\alibaba.xml
[2013/02/02 10:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\J\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4695B1B1-EC87-49C8-A964-25D56BA6429F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{eb8f61cf-ca35-11df-9c1f-c80aa9db7be5}\Shell - "" = AutoRun
O33 - MountPoints2\{eb8f61cf-ca35-11df-9c1f-c80aa9db7be5}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/04 22:28:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/02/04 22:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/02/04 22:26:19 | 000,000,000 | ---D | C] -- C:\91b63a62ef8c53e02864
[2013/02/04 22:18:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/02/04 19:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/04 19:33:59 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/02/04 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\J\Documents\Simply Super Software
[2013/02/04 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Simply Super Software
[2013/02/04 19:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013/02/04 19:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013/02/04 19:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013/02/02 21:41:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2013/02/02 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Avira
[2013/02/02 21:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/02/02 21:31:35 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/02/02 21:31:35 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/02/02 21:31:35 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/02/02 21:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/02 21:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/02/02 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/02 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/02/02 11:43:49 | 000,000,000 | ---D | C] -- C:\Users\J\Desktop\Sicherung
[2013/02/02 10:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/02 09:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/19 11:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 16:34:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010/11/30 19:57:34 | 000,216,576 | ---- | C] (Newtonsoft) -- C:\Users\J\Newtonsoft.Json.Compact.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/04 22:18:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/02/04 22:11:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 21:48:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/04 21:22:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 21:22:05 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 21:16:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 21:16:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 21:16:01 | 1504,333,824 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 19:33:59 | 000,002,955 | ---- | M] () -- C:\Users\J\Desktop\HiJackThis.lnk
[2013/02/04 07:31:20 | 000,339,179 | ---- | M] () -- C:\Users\J\Desktop\Inkasso.pdf
[2013/02/04 07:25:14 | 000,001,246 | ---- | M] () -- C:\Users\J\Desktop\Frozen Throne - Verknüpfung.lnk
[2013/02/04 07:24:56 | 001,866,407 | ---- | M] () -- C:\Users\J\Desktop\7B25DDFC-3313-43DC-9258-1C11C43214FA.jpg
[2013/02/03 10:02:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/02/02 21:31:53 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/02 20:15:52 | 000,036,296 | ---- | M] () -- C:\Users\J\Desktop\cc_20130202_201532.reg
[2013/02/02 19:13:59 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/02 19:13:59 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/02 19:13:59 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 19:13:59 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/02 19:13:59 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 17:49:58 | 000,001,667 | ---- | M] () -- C:\Users\J\Desktop\Hotkey Tool - Verknüpfung (2).lnk
[2013/02/02 17:39:42 | 000,465,140 | ---- | M] () -- C:\Users\J\Desktop\qpjyrir.jpg
[2013/02/02 16:18:52 | 000,296,050 | ---- | M] () -- C:\Users\J\Desktop\tx3bftk.jpg
[2013/02/02 13:36:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 13:23:45 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/02 13:23:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/02 10:42:08 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/02 10:41:28 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/02 10:33:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/02 08:49:15 | 000,416,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/27 04:24:35 | 000,001,007 | ---- | M] () -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/27 04:24:26 | 000,000,967 | ---- | M] () -- C:\Users\J\Desktop\Dropbox.lnk
[2013/01/26 15:02:38 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/04 19:33:59 | 000,002,955 | ---- | C] () -- C:\Users\J\Desktop\HiJackThis.lnk
[2013/02/04 07:31:40 | 000,339,179 | ---- | C] () -- C:\Users\J\Desktop\Inkasso.pdf
[2013/02/04 07:24:53 | 001,866,407 | ---- | C] () -- C:\Users\J\Desktop\7B25DDFC-3313-43DC-9258-1C11C43214FA.jpg
[2013/02/02 21:31:53 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/02 20:15:39 | 000,036,296 | ---- | C] () -- C:\Users\J\Desktop\cc_20130202_201532.reg
[2013/02/02 17:49:58 | 000,001,667 | ---- | C] () -- C:\Users\J\Desktop\Hotkey Tool - Verknüpfung (2).lnk
[2013/02/02 17:38:33 | 000,465,140 | ---- | C] () -- C:\Users\J\Desktop\qpjyrir.jpg
[2013/02/02 16:18:41 | 000,296,050 | ---- | C] () -- C:\Users\J\Desktop\tx3bftk.jpg
[2013/02/02 14:24:33 | 000,001,246 | ---- | C] () -- C:\Users\J\Desktop\Frozen Throne - Verknüpfung.lnk
[2013/02/02 13:36:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/02 13:23:45 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/02/02 13:23:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/02/02 10:42:08 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/02 10:41:28 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/02 10:41:28 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/02 10:37:03 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 10:37:02 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 00:14:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/01 23:06:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/03 19:42:37 | 000,001,481 | ---- | C] () -- C:\Users\J\AppData\Local\RecConfig.xml
[2012/07/16 17:57:12 | 000,060,864 | ---- | C] () -- C:\Users\J\g2mdlhlpx.exe
[2011/09/17 08:56:21 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/09/17 08:56:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/09/17 08:56:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/06/05 18:51:26 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/06/05 18:51:18 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/06/05 18:51:18 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/06/05 18:51:17 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011/06/05 18:51:17 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/06/05 18:51:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2011/05/22 14:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2011/01/28 17:20:37 | 000,004,608 | ---- | C] () -- C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/30 19:57:34 | 000,335,872 | ---- | C] () -- C:\Users\J\SciLors GrooveDownloader.exe
[2010/11/30 19:57:34 | 000,027,648 | ---- | C] () -- C:\Users\J\SciLorsGroovesharkAPI.dll
[2010/11/30 19:57:34 | 000,011,264 | ---- | C] () -- C:\Users\J\SciLors UpdateCheck.dll
[2010/11/30 19:57:34 | 000,000,280 | ---- | C] () -- C:\Users\J\config.xml
[2010/11/30 19:57:34 | 000,000,240 | ---- | C] () -- C:\Users\J\GrooveFix.xml
[2010/11/19 19:33:22 | 000,198,543 | ---- | C] () -- C:\Users\J\Foto 0369.jpg
[2010/11/19 19:33:22 | 000,190,949 | ---- | C] () -- C:\Users\J\Foto 0368.jpg
[2010/09/19 19:43:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/02/12 17:42:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Record Edit Toolbox
[2012/09/03 19:34:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Recorder for Free
[2010/12/24 15:50:38 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audio Recorder for Free 2010
[2013/02/02 13:41:00 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DAEMON Tools Lite
[2010/11/29 17:45:59 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Das Fussball Studio
[2013/02/04 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Dropbox
[2011/09/01 20:05:28 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DVDVideoSoft
[2011/02/18 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/02 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Eduny
[2012/06/20 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Heucx
[2012/08/03 22:14:39 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\HTC
[2012/08/03 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\HTC Sync
[2011/09/14 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\ICQ
[2011/12/30 17:24:49 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Ivp
[2012/06/20 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Iwveum
[2011/09/14 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\kikin
[2011/06/02 11:23:56 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\LolClient
[2011/02/12 17:58:54 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\phonostar GmbH
[2011/02/12 17:48:41 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\REAPER
[2013/02/04 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Simply Super Software
[2011/01/14 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Thunderbird
[2011/06/17 18:15:17 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\TS3Client
[2012/09/28 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Update
[2011/09/24 09:11:26 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Wise Registry Cleaner
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/09/18 11:59:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012/09/03 19:06:00 | 000,000,000 | ---D | M] -- C:\AudioSuite
[2012/08/23 07:29:04 | 000,000,000 | ---D | M] -- C:\Betfair
[2012/02/09 23:41:02 | 000,000,000 | ---D | M] -- C:\Betfair JPC
[2012/04/21 09:12:21 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011/05/22 14:34:31 | 000,000,000 | ---D | M] -- C:\desktop
[2012/07/15 19:36:29 | 000,000,000 | ---D | M] -- C:\Diablo II
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/18 11:56:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011/04/15 22:24:34 | 000,000,000 | ---D | M] -- C:\DOSPROY
[2010/09/18 12:48:15 | 000,000,000 | ---D | M] -- C:\DRIVERS
[2010/09/18 19:38:55 | 000,000,000 | ---D | M] -- C:\Intel
[2010/09/27 13:56:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/02/02 13:36:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/02/04 19:33:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/02/04 19:11:55 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/18 11:56:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2011/11/30 19:39:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/09/28 13:54:40 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2013/02/04 22:28:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/09/18 11:59:18 | 000,000,000 | R--D | M] -- C:\Users
[2013/02/04 21:16:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009/07/14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/18 19:37:34 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/18 19:37:36 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/15 12:25:55 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/02/02 10:37:02 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 10:37:03 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/08/07 04:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 04:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Lenovo\System Update\session\6ji107ww\WIN32\IaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/08/07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010/12/24 15:39:02 | 000,000,280 | ---- | M] () -- C:\Users\J\config.xml
[2010/11/19 19:33:46 | 000,190,949 | ---- | M] () -- C:\Users\J\Foto 0368.jpg
[2010/11/19 19:33:46 | 000,198,543 | ---- | M] () -- C:\Users\J\Foto 0369.jpg
[2012/07/16 17:57:14 | 000,060,864 | ---- | M] () -- C:\Users\J\g2mdlhlpx.exe
[2010/11/30 19:57:35 | 000,000,240 | ---- | M] () -- C:\Users\J\GrooveFix.xml
[2010/11/30 19:57:37 | 000,216,576 | ---- | M] (Newtonsoft) -- C:\Users\J\Newtonsoft.Json.Compact.dll
[2013/02/04 23:02:57 | 002,621,440 | -HS- | M] () -- C:\Users\J\ntuser.dat
[2013/02/04 23:02:57 | 000,262,144 | -HS- | M] () -- C:\Users\J\ntuser.dat.LOG1
[2010/09/18 11:59:19 | 000,000,000 | -HS- | M] () -- C:\Users\J\ntuser.dat.LOG2
[2010/09/18 12:08:12 | 000,065,536 | -HS- | M] () -- C:\Users\J\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/09/18 12:08:12 | 000,524,288 | -HS- | M] () -- C:\Users\J\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 12:08:12 | 000,524,288 | -HS- | M] () -- C:\Users\J\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/02/05 12:34:23 | 000,065,536 | -HS- | M] () -- C:\Users\J\ntuser.dat{40064ec7-311b-11e0-8d9d-c80aa9db7be5}.TM.blf
[2011/02/05 12:34:23 | 000,524,288 | -HS- | M] () -- C:\Users\J\ntuser.dat{40064ec7-311b-11e0-8d9d-c80aa9db7be5}.TMContainer00000000000000000001.regtrans-ms
[2011/02/05 12:34:23 | 000,524,288 | -HS- | M] () -- C:\Users\J\ntuser.dat{40064ec7-311b-11e0-8d9d-c80aa9db7be5}.TMContainer00000000000000000002.regtrans-ms
[2011/01/27 19:33:01 | 000,065,536 | -HS- | M] () -- C:\Users\J\ntuser.dat{cf28c0e5-2a33-11e0-a20c-c80aa9db7be5}.TM.blf
[2011/01/27 19:33:01 | 000,524,288 | -HS- | M] () -- C:\Users\J\ntuser.dat{cf28c0e5-2a33-11e0-a20c-c80aa9db7be5}.TMContainer00000000000000000001.regtrans-ms
[2011/01/27 19:33:01 | 000,524,288 | -HS- | M] () -- C:\Users\J\ntuser.dat{cf28c0e5-2a33-11e0-a20c-c80aa9db7be5}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 11:59:20 | 000,000,020 | -HS- | M] () -- C:\Users\J\ntuser.ini
[2010/11/30 19:57:37 | 000,335,872 | ---- | M] () -- C:\Users\J\SciLors GrooveDownloader.exe
[2010/11/30 19:57:35 | 000,011,264 | ---- | M] () -- C:\Users\J\SciLors UpdateCheck.dll
[2010/11/30 19:57:35 | 000,027,648 | ---- | M] () -- C:\Users\J\SciLorsGroovesharkAPI.dll
[2012/04/21 09:35:47 | 000,002,190 | ---- | M] () -- C:\Users\J\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---



Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 04/02/2013 22:22:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\J\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
1,87 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 33,17% Memory free
3,74 Gb Paging File | 2,43 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 152,31 Gb Free Space | 65,43% Space Free | Partition Type: NTFS
 
Computer Name: JULIUS | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0326B2E0-F599-420B-A027-755F2C7AC35B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0E75DD3C-2E0A-41F0-86A3-024C868A79AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{173EDD94-99F8-4C0A-B020-639B5CCFA64E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19A23CF7-6D5A-47D0-BDE1-92C8F22ABD52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1EF5963D-30AF-4676-84A7-0A02BE11C991}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{233E2A45-2EB9-4136-BB31-0439182EB515}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{348747A5-95EA-4EEA-9ECE-C1D2A2633585}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{367FADA0-282D-4946-8C45-BA80A10E6D9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B7AA945-3B78-4E08-ABCD-287AEB5C27E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{500D6168-018F-467A-964C-95761FE79004}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5698D6EA-5B69-40A8-B0ED-706B19546D2F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5DD065F9-F3E3-4D53-A4F8-FEBF898FF96D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6F37E1B5-1AFF-45A7-B642-FE26110BA8FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{776A3761-9CE8-4DCE-86EF-82A1DA27C48B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D43E507-D503-4127-B456-6D60FC89AB93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{91F32826-0990-484A-A3ED-1FD437BF9C31}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95CAAC24-89A2-4A20-8F71-9E151BE1B2DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{996C0123-0D68-4430-929B-C508E66ED388}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D0C4B5E-3640-456D-BFB2-95783ABB171D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A2251930-8249-4325-B3F3-302E64A8C383}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC3011C9-443A-4C1E-B97C-8DD576869410}" = lport=58560 | protocol=17 | dir=in | name=pando media booster | 
"{B0E83FD1-748B-411C-B7EA-F54FE9F372FA}" = lport=58560 | protocol=6 | dir=in | name=pando media booster | 
"{B84B80D1-9845-4B29-8CCF-472670B3C137}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BC792852-D8A5-4F73-AD41-219D8CE90DA1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C5680525-67BB-4DF3-8AFF-2CA854080CAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8F17E89-B5DE-4885-8DAA-52089E19BEB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C91E5442-D7DD-4DD7-BB77-537BDEA4A4B6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA17BE9E-1C2C-424A-8E0B-0CB0DD7418D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB765254-115C-4F3E-A42B-BAA8C2D46D19}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CBFF4623-9D30-4AA6-BAA3-8E12428A2B30}" = lport=58560 | protocol=17 | dir=in | name=pando media booster | 
"{D7BA61FA-84E9-462B-B6EB-968A6EA24DBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8E31D87-B868-432A-9CE1-A13EBC68AA6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA137DC1-1E4E-4880-8668-608318DF28B1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DA6D8B26-7C4F-47AE-A4ED-2B02E95032B0}" = lport=58560 | protocol=6 | dir=in | name=pando media booster | 
"{E42378E2-E6A9-43A6-9336-357728C97A6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1C7FEE7-8F34-4A28-A4FC-1D034CF1529B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0238C68D-AE57-4C34-B4FD-5514DCE5020F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{061CD883-2B8A-4474-B3CF-E86F033E4FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{14C34197-C789-4803-A2DE-78D08877E03F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1ECE9C1C-6F7C-4751-A4F0-04399FAAFAA6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2A8FE839-5C2B-4D02-859F-58A6D8461E5B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2EAA455E-02F5-4B3F-A939-BC5D1FDF7E28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FA68786-C463-456A-ACA2-F509059CA162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3955EF77-300E-4F1F-A1CD-2BA34ACCDA48}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{47676F34-6491-491C-9A3C-C12F0F103165}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htc sync\htcsyncloader.exe | 
"{4C68DCD0-F27A-4AC5-9F2D-ABBAB2B256E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{509D4AEB-4ACF-4688-B564-F3B2901934EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{51497F8F-4FF1-42BF-AD27-C84CAD61D9F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{56585AEB-C902-4389-AD71-92E5628EC522}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6457EAB1-37A9-4962-96AB-951201AA9EC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{680ABB94-BFE8-405C-BAF0-19846A0D3A95}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B7BA729-6ED4-4A9F-915F-7973ED4AA2C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6B8F150E-944C-4C2F-B1FC-8639F8EF1940}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6E6DECD9-AF99-43A4-83BA-D371908A8FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{78CDEC7C-B5F1-446E-828B-5BD89D59FC3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7DCD863B-154B-4736-954B-8B67AE06F779}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8232B417-D688-43D8-A5F6-966CB8B0D1F5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{84AD0EEE-791A-4FA6-9C30-7D9FFF39E337}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{885831B8-9DB9-424F-8A3F-CFE0FCB8102C}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{9225A394-3EA7-44C3-A447-23E4CE5F4A22}" = protocol=6 | dir=out | app=system | 
"{93270212-FFFD-4192-A760-4798FE25DC1C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{97B2D916-0B4C-423A-9E9A-B0170C60683D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{97C28406-946B-46B2-ADBA-313E92FE0038}" = protocol=17 | dir=in | app=c:\users\j\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9B0513B5-5933-4DE2-9B6B-BF2BEE544445}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9E43849F-E09A-4943-9560-169D594D279D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4C101DF-8D4C-4188-B7BE-F799F5BA10D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B7FB05C8-0777-4111-9C89-D22B36253F4E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{BC5AB652-FC86-4253-9308-C585E05B6C7F}" = protocol=6 | dir=in | app=c:\users\j\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C41DB41C-5641-49B1-B665-F69D277D419E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D90AAD03-3BE8-4B34-8712-5641D770862D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB7C40B3-3904-4E03-BB54-5C442B9BACF2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EAE725D5-BAAB-487B-83C7-3F677CB5024F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F1C0A0FA-63B0-4F8A-957D-BCB64C614AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{F872DE47-A6E0-4044-8308-32A767F40B91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = Lenovo Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A5458F0-0F3A-486E-8436-6CF05977093F}" = E3MC - Windows Shutdown Timer v5.7 Full
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D2C60-A55F-4fed-B2B9-17394396DF01}" = ThinkPad Wireless LAN Adapter Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D2F71606-715F-4BDB-864A-69318E36B5CE}" = Brother HL-2030
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audio Recorder for Free_is1" = Audio Recorder for Free v12.9.8
"Avira AntiVir Desktop" = Avira Free Antivirus
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"Google Chrome" = Google Chrome
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.0
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 1.1.5
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.3.0.978
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04/02/2013 16:17:48 | Computer Name = Julius | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 04/02/2013 16:17:50 | Computer Name = Julius | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 04/02/2013 16:17:50 | Computer Name = Julius | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 04/02/2013 16:17:50 | Computer Name = Julius | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 04/02/2013 16:17:50 | Computer Name = Julius | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 04/02/2013 16:17:52 | Computer Name = Julius | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 04/02/2013 16:17:52 | Computer Name = Julius | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 04/02/2013 16:17:52 | Computer Name = Julius | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 04/02/2013 16:17:52 | Computer Name = Julius | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 04/02/2013 17:27:00 | Computer Name = Julius | Source = VSS | ID = 12305
Description = 
 
[ System Events ]
Error - 02/02/2013 15:06:09 | Computer Name = Julius | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473503.
 
Error - 02/02/2013 15:06:09 | Computer Name = Julius | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 04/02/2013 02:15:41 | Computer Name = Julius | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 04/02/2013 02:15:42 | Computer Name = Julius | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 04/02/2013 13:05:32 | Computer Name = Julius | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 04/02/2013 14:01:09 | Computer Name = Julius | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 04/02/2013 14:04:02 | Computer Name = Julius | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 04/02/2013 14:04:53 | Computer Name = Julius | Source = DCOM | ID = 10010
Description = 
 
Error - 04/02/2013 16:17:54 | Computer Name = Julius | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 04/02/2013 16:17:54 | Computer Name = Julius | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         

Alt 05.02.2013, 14:45   #4
markusg
/// Malware-holic
 
Please open Trojan Remover and post the reports it has created so far.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 05.02.2013, 17:36   #5
yazid
 
I ran Trojan Remover, and an error message came up as well... I then moved that to "quarantine"...

Here is the result, the log file:

***** THE SYSTEM HAS BEEN RESTARTED *****
05/02/2013 17:29:21: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sptd.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sptd.sys - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\sptd\[ImagePath] - already deleted
=======================================================
05/02/2013 17:29:21: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:10:55 05 Feb 2013
Using Database v7958
Operating System: Windows 7 x64 Ultimate [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\J\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\J\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
17:10:55: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
17:10:55: ----- SCANNING FOR ROOTKIT SERVICES -----


Edited by yazid (05.02.2013 at 18:04)

Alt 05.02.2013, 17:56   #6
markusg
/// Malware-holic
 
I didn't write anything about a new log, did I?

Alt 05.02.2013, 18:10   #7
yazid
 
Sorry, then I misunderstood something there... but the reason I posted the log is that I didn't get, or rather didn't find, any other "reports"...

Maybe I'm just being slow... -.-

Alt 05.02.2013, 18:11   #8
markusg
/// Malware-holic
 
Hi, and what stopped you from saying so right away? :-)
OK, moving on.
Get rid of Trojan Hunter; it has too many false positives and hardly any detection.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents
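Added example, not part of the original thread and not the tool's own code: a small triage script for the TDSSKiller text report that the steps above produce. The sample lines are constructed, modeled on the service-scan lines of such a report; the `( detection ) - warning` verdict layout, the placeholder MD5 values and all service names in the sample are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample (not from a real machine). Layout per object:
#   "<time> <thread> [ <MD5> ] <service name> <file path>"
#   "<time> <thread> <service name> - <verdict>"
# The "( detection ) - warning" verdict form is an assumption.
SAMPLE_LOG = r"""
18:15:03.0441 1300 ================ Scan services =============================
18:15:03.0628 1300 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\DRIVERS\exampledrv.sys
18:15:03.0894 1300 ExampleDrv - ok
18:15:04.0000 1300 [ 00000000000000000000000000000002 ] Example Service C:\Program Files\Example\svc.exe
18:15:04.0100 1300 Example Service - ok
18:15:04.0200 1300 NoFileSvc - ok
18:15:04.0300 1300 [ 00000000000000000000000000000003 ] OddDrv C:\Windows\system32\drivers\odddrv.sys
18:15:04.0400 1300 OddDrv ( UnsignedFile.Multi.Generic ) - warning
18:15:04.0500 1300 [ 00000000000000000000000000000002 ] Example Service 2 C:\Program Files\Example\svc.exe
18:15:04.0600 1300 Example Service 2 - ok
"""

SECTION_RE = re.compile(r"^\S+ \d+ =+ (Scan [^=]+?) =+$")
# Service names may contain spaces, so the name ends where a drive path begins.
HASH_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^\S+ \d+ (.+?)(?: \( (.+?) \))? - (\w+)$")


@dataclass
class Entry:
    section: Optional[str]    # e.g. "Scan services"
    name: str                 # service or driver name
    md5: Optional[str]        # None when no file was hashed for the object
    path: Optional[str]
    detection: Optional[str]  # text inside "( ... )" on the verdict line
    verdict: str              # "ok", "warning", ...


def parse_report(text: str) -> List[Entry]:
    """Pair each hash line with the verdict line that follows it."""
    entries: List[Entry] = []
    section: Optional[str] = None
    pending: Dict[str, tuple] = {}  # name -> (md5, path) awaiting a verdict
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(section, name, md5, path, detection, verdict.lower()))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Return what a helper reads first: non-ok verdicts and unhashed services."""
    return {
        # Anything the scanner did not mark "ok" needs a manual look.
        "flagged": [e for e in entries if e.verdict != "ok"],
        # A service with a verdict but no hashed file behind it.
        "unhashed": [e for e in entries
                     if e.section == "Scan services" and e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_LOG))
    for e in result["flagged"]:
        print(f"REVIEW  {e.name}: {e.detection} ({e.verdict}) {e.path} md5={e.md5}")
    for e in result["unhashed"]:
        print(f"NOHASH  {e.name}: verdict {e.verdict}, no file hashed")
```

An "unhashed" entry is not a detection in itself; it only marks services for which the report contains no file to compare against a known-good copy.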

Alt 05.02.2013, 18:19   #9
yazid
 
Better late than never :-)

Here are the contents of the .txt

18:14:55.0002 4140 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:14:55.0392 4140 ============================================================
18:14:55.0392 4140 Current date / time: 2013/02/05 18:14:55.0392
18:14:55.0392 4140 SystemInfo:
18:14:55.0392 4140
18:14:55.0392 4140 OS Version: 6.1.7600 ServicePack: 0.0
18:14:55.0392 4140 Product type: Workstation
18:14:55.0392 4140 ComputerName: JULIUS
18:14:55.0392 4140 UserName: J
18:14:55.0392 4140 Windows directory: C:\Windows
18:14:55.0392 4140 System windows directory: C:\Windows
18:14:55.0392 4140 Running under WOW64
18:14:55.0392 4140 Processor architecture: Intel x64
18:14:55.0392 4140 Number of processors: 2
18:14:55.0392 4140 Page size: 0x1000
18:14:55.0392 4140 Boot type: Normal boot
18:14:55.0392 4140 ============================================================
18:14:56.0608 4140 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:14:56.0624 4140 ============================================================
18:14:56.0624 4140 \Device\Harddisk0\DR0:
18:14:56.0624 4140 MBR partitions:
18:14:56.0624 4140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:14:56.0624 4140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
18:14:56.0624 4140 ============================================================
18:14:56.0686 4140 C: <-> \Device\Harddisk0\DR0\Partition2
18:14:56.0702 4140 ============================================================
18:14:56.0702 4140 Initialize success
18:14:56.0702 4140 ============================================================
18:15:02.0443 1300 ============================================================
18:15:02.0443 1300 Scan started
18:15:02.0443 1300 Mode: Manual; SigCheck; TDLFS;
18:15:02.0443 1300 ============================================================
18:15:03.0441 1300 ================ Scan system memory ========================
18:15:03.0441 1300 System memory - ok
18:15:18.0916 1300 igfx - ok
18:15:18.0948 1300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:15:18.0963 1300 iirsp - ok
18:15:18.0994 1300 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
18:15:19.0135 1300 IKEEXT - ok
18:15:19.0197 1300 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:15:19.0353 1300 IntcAzAudAddService - ok
18:15:19.0384 1300 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
18:15:19.0447 1300 IntcHdmiAddService - ok
18:15:19.0462 1300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:15:19.0494 1300 intelide - ok
18:15:19.0509 1300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:15:19.0556 1300 intelppm - ok
18:15:19.0587 1300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:15:19.0650 1300 IPBusEnum - ok
18:15:19.0665 1300 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:15:19.0728 1300 IpFilterDriver - ok
18:15:19.0759 1300 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:15:19.0884 1300 iphlpsvc - ok
18:15:19.0915 1300 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:15:19.0962 1300 IPMIDRV - ok
18:15:19.0977 1300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:15:20.0040 1300 IPNAT - ok
18:15:20.0086 1300 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:15:20.0133 1300 iPod Service - ok
18:15:20.0164 1300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:15:20.0180 1300 IRENUM - ok
18:15:20.0196 1300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:15:20.0227 1300 isapnp - ok
18:15:20.0242 1300 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:15:20.0274 1300 iScsiPrt - ok
18:15:20.0305 1300 [ 80A1DE467ADF200390134D63E359937A ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
18:15:20.0398 1300 JMCR - ok
18:15:20.0430 1300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:15:20.0445 1300 kbdclass - ok
18:15:20.0445 1300 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:15:20.0476 1300 kbdhid - ok
18:15:20.0508 1300 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
18:15:20.0523 1300 KeyIso - ok
18:15:20.0570 1300 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:15:20.0601 1300 KSecDD - ok
18:15:20.0632 1300 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:15:20.0664 1300 KSecPkg - ok
18:15:20.0695 1300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:15:20.0757 1300 ksthunk - ok
18:15:20.0804 1300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:15:20.0882 1300 KtmRm - ok
18:15:20.0913 1300 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:15:21.0007 1300 LanmanServer - ok
18:15:21.0038 1300 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:15:21.0100 1300 LanmanWorkstation - ok
18:15:21.0147 1300 [ 70481DABD9ADAB51A6933C5893B82925 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
18:15:21.0178 1300 LENOVO.CAMMUTE - ok
18:15:21.0210 1300 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:15:21.0241 1300 LENOVO.MICMUTE - ok
18:15:21.0256 1300 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
18:15:21.0272 1300 lenovo.smi - ok
18:15:21.0288 1300 [ D0DAF6A22037F6DEE706A095C647AA41 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
18:15:21.0334 1300 LENOVO.TPKNRSVC - ok
18:15:21.0381 1300 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
18:15:21.0397 1300 Lenovo.VIRTSCRLSVC - ok
18:15:21.0412 1300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:15:21.0459 1300 lltdio - ok
18:15:21.0475 1300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:15:21.0553 1300 lltdsvc - ok
18:15:21.0600 1300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:15:21.0631 1300 lmhosts - ok
18:15:21.0662 1300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:15:21.0693 1300 LSI_FC - ok
18:15:21.0709 1300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:15:21.0756 1300 LSI_SAS - ok
18:15:21.0771 1300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:15:21.0802 1300 LSI_SAS2 - ok
18:15:21.0802 1300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:15:21.0849 1300 LSI_SCSI - ok
18:15:21.0880 1300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:15:21.0943 1300 luafv - ok
18:15:21.0958 1300 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:15:22.0021 1300 Mcx2Svc - ok
18:15:22.0052 1300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:15:22.0083 1300 megasas - ok
18:15:22.0099 1300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:15:22.0130 1300 MegaSR - ok
18:15:22.0208 1300 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:15:22.0239 1300 Microsoft Office Groove Audit Service - ok
18:15:22.0286 1300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:15:22.0348 1300 MMCSS - ok
18:15:22.0380 1300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:15:22.0426 1300 Modem - ok
18:15:22.0458 1300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:15:22.0489 1300 monitor - ok
18:15:22.0520 1300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:15:22.0567 1300 mouclass - ok
18:15:22.0582 1300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:15:22.0629 1300 mouhid - ok
18:15:22.0629 1300 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:15:22.0645 1300 mountmgr - ok
18:15:22.0692 1300 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:15:22.0754 1300 MozillaMaintenance - ok
18:15:22.0785 1300 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:15:22.0816 1300 mpio - ok
18:15:22.0832 1300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:15:22.0894 1300 mpsdrv - ok
18:15:22.0941 1300 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:15:23.0035 1300 MpsSvc - ok
18:15:23.0066 1300 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:15:23.0097 1300 MRxDAV - ok
18:15:23.0128 1300 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:15:23.0191 1300 mrxsmb - ok
18:15:23.0206 1300 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:15:23.0253 1300 mrxsmb10 - ok
18:15:23.0284 1300 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:15:23.0300 1300 mrxsmb20 - ok
18:15:23.0347 1300 [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:15:23.0378 1300 msahci - ok
18:15:23.0425 1300 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:15:23.0456 1300 msdsm - ok
18:15:23.0472 1300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:15:23.0503 1300 MSDTC - ok
18:15:23.0534 1300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:15:23.0581 1300 Msfs - ok
18:15:23.0612 1300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:15:23.0690 1300 mshidkmdf - ok
18:15:23.0706 1300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
18:15:23.0721 1300 msisadrv - ok
18:15:23.0737 1300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:15:23.0815 1300 MSiSCSI - ok
18:15:23.0830 1300 msiserver - ok
18:15:23.0846 1300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:15:23.0924 1300 MSKSSRV - ok
18:15:23.0955 1300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:15:24.0002 1300 MSPCLOCK - ok
18:15:24.0018 1300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:15:24.0064 1300 MSPQM - ok
18:15:24.0096 1300 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:15:24.0142 1300 MsRPC - ok
18:15:24.0158 1300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:15:24.0174 1300 mssmbios - ok
18:15:24.0189 1300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:15:24.0267 1300 MSTEE - ok
18:15:24.0283 1300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:15:24.0330 1300 MTConfig - ok
18:15:24.0361 1300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:15:24.0408 1300 Mup - ok
18:15:24.0439 1300 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
18:15:24.0517 1300 napagent - ok
18:15:24.0564 1300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:15:24.0610 1300 NativeWifiP - ok
18:15:24.0642 1300 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:15:24.0704 1300 NDIS - ok
18:15:24.0735 1300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:15:24.0782 1300 NdisCap - ok
18:15:24.0798 1300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:15:24.0876 1300 NdisTapi - ok
18:15:24.0891 1300 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:15:24.0954 1300 Ndisuio - ok
18:15:25.0000 1300 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:15:25.0063 1300 NdisWan - ok
18:15:25.0078 1300 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:15:25.0141 1300 NDProxy - ok
18:15:25.0172 1300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:15:25.0203 1300 NetBIOS - ok
18:15:25.0234 1300 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:15:25.0297 1300 NetBT - ok
18:15:25.0312 1300 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
18:15:25.0328 1300 Netlogon - ok
18:15:25.0390 1300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:15:25.0453 1300 Netman - ok
18:15:25.0484 1300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:15:25.0562 1300 netprofm - ok
18:15:25.0593 1300 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:15:25.0640 1300 NetTcpPortSharing - ok
18:15:25.0812 1300 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
18:15:26.0092 1300 NETw5s64 - ok
18:15:26.0108 1300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:15:26.0124 1300 nfrd960 - ok
18:15:26.0155 1300 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:15:26.0217 1300 NlaSvc - ok
18:15:26.0248 1300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:15:26.0311 1300 Npfs - ok
18:15:26.0342 1300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:15:26.0404 1300 nsi - ok
18:15:26.0420 1300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:15:26.0482 1300 nsiproxy - ok
18:15:26.0545 1300 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:15:26.0654 1300 Ntfs - ok
18:15:26.0685 1300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:15:26.0763 1300 Null - ok
18:15:26.0794 1300 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:15:26.0810 1300 nvraid - ok
18:15:26.0826 1300 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:15:26.0857 1300 nvstor - ok
18:15:26.0872 1300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
18:15:26.0888 1300 nv_agp - ok
18:15:26.0966 1300 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:15:27.0028 1300 odserv - ok
18:15:27.0044 1300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:15:27.0091 1300 ohci1394 - ok
18:15:27.0122 1300 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:15:27.0153 1300 ose - ok
18:15:27.0200 1300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:15:27.0278 1300 p2pimsvc - ok
18:15:27.0309 1300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:15:27.0340 1300 p2psvc - ok
18:15:27.0372 1300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:15:27.0403 1300 Parport - ok
18:15:27.0434 1300 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:15:27.0450 1300 partmgr - ok
18:15:27.0496 1300 [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
18:15:27.0543 1300 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
18:15:27.0543 1300 PassThru Service - detected UnsignedFile.Multi.Generic (1)
18:15:27.0574 1300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:15:27.0637 1300 PcaSvc - ok
18:15:27.0715 1300 [ ACD84D961942E2204A4475F9AF356F2E ] PCDSRVC{127174DC-C366ED8B-06020000}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
18:15:27.0746 1300 PCDSRVC{127174DC-C366ED8B-06020000}_0 - ok
18:15:27.0777 1300 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
18:15:27.0808 1300 pci - ok
18:15:27.0871 1300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:15:27.0886 1300 pciide - ok
18:15:27.0918 1300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:15:27.0949 1300 pcmcia - ok
18:15:27.0980 1300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:15:28.0027 1300 pcw - ok
18:15:28.0058 1300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:15:28.0152 1300 PEAUTH - ok
18:15:28.0198 1300 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:15:28.0354 1300 PeerDistSvc - ok
18:15:28.0432 1300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:15:28.0495 1300 PerfHost - ok
18:15:28.0557 1300 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
18:15:28.0666 1300 pla - ok
18:15:28.0729 1300 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:15:28.0791 1300 PlugPlay - ok
18:15:28.0838 1300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:15:28.0854 1300 PNRPAutoReg - ok
18:15:28.0869 1300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:15:28.0885 1300 PNRPsvc - ok
18:15:28.0932 1300 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:15:28.0994 1300 PolicyAgent - ok
18:15:29.0041 1300 [ 6C2384E20F6EC6B9833AF80BAB607813 ] Power C:\Windows\system32\umpo.dll
18:15:29.0103 1300 Power - ok
18:15:29.0150 1300 [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
18:15:29.0181 1300 Power Manager DBC Service - ok
18:15:29.0212 1300 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:15:29.0290 1300 PptpMiniport - ok
18:15:29.0322 1300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:15:29.0353 1300 Processor - ok
18:15:29.0384 1300 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
18:15:29.0446 1300 ProfSvc - ok
18:15:29.0478 1300 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:15:29.0493 1300 ProtectedStorage - ok
18:15:29.0540 1300 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
18:15:29.0556 1300 psadd - ok
18:15:29.0571 1300 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:15:29.0618 1300 Psched - ok
18:15:29.0680 1300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:15:29.0758 1300 ql2300 - ok
18:15:29.0774 1300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:15:29.0805 1300 ql40xx - ok
18:15:29.0836 1300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:15:29.0914 1300 QWAVE - ok
18:15:29.0946 1300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:15:29.0992 1300 QWAVEdrv - ok
18:15:30.0024 1300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:15:30.0086 1300 RasAcd - ok
18:15:30.0117 1300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:15:30.0148 1300 RasAgileVpn - ok
18:15:30.0195 1300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:15:30.0242 1300 RasAuto - ok
18:15:30.0289 1300 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:15:30.0336 1300 Rasl2tp - ok
18:15:30.0351 1300 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
18:15:30.0414 1300 RasMan - ok
18:15:30.0429 1300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:15:30.0492 1300 RasPppoe - ok
18:15:30.0523 1300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:15:30.0570 1300 RasSstp - ok
18:15:30.0601 1300 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:15:30.0679 1300 rdbss - ok
18:15:30.0710 1300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:15:30.0757 1300 rdpbus - ok
18:15:30.0772 1300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:15:30.0819 1300 RDPCDD - ok
18:15:30.0835 1300 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:15:30.0897 1300 RDPDR - ok
18:15:30.0928 1300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:15:30.0991 1300 RDPENCDD - ok
18:15:31.0006 1300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:15:31.0038 1300 RDPREFMP - ok
18:15:31.0084 1300 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:15:31.0147 1300 RDPWD - ok
18:15:31.0178 1300 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:15:31.0209 1300 rdyboost - ok
18:15:31.0287 1300 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:15:31.0318 1300 RegSrvc - ok
18:15:31.0350 1300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:15:31.0428 1300 RemoteAccess - ok
18:15:31.0474 1300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:15:31.0568 1300 RemoteRegistry - ok
18:15:31.0599 1300 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:15:31.0630 1300 RFCOMM - ok
18:15:31.0662 1300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:15:31.0740 1300 RpcEptMapper - ok
18:15:31.0771 1300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:15:31.0786 1300 RpcLocator - ok
18:15:31.0818 1300 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
18:15:31.0849 1300 RpcSs - ok
18:15:31.0896 1300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:15:31.0942 1300 rspndr - ok
18:15:31.0989 1300 [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:15:32.0067 1300 RTL8167 - ok
18:15:32.0098 1300 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
18:15:32.0161 1300 s3cap - ok
18:15:32.0192 1300 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
18:15:32.0208 1300 SamSs - ok
18:15:32.0223 1300 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
18:15:32.0254 1300 sbp2port - ok
18:15:32.0286 1300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:15:32.0348 1300 SCardSvr - ok
18:15:32.0379 1300 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:15:32.0442 1300 scfilter - ok
18:15:32.0488 1300 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
18:15:32.0613 1300 Schedule - ok
18:15:32.0644 1300 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:15:32.0691 1300 SCPolicySvc - ok
18:15:32.0722 1300 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:15:32.0738 1300 sdbus - ok
18:15:32.0785 1300 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:15:32.0863 1300 SDRSVC - ok
18:15:32.0878 1300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:15:32.0941 1300 secdrv - ok
18:15:32.0956 1300 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
18:15:33.0019 1300 seclogon - ok
18:15:33.0050 1300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:15:33.0081 1300 SENS - ok
18:15:33.0097 1300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:15:33.0159 1300 SensrSvc - ok
18:15:33.0175 1300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:15:33.0222 1300 Serenum - ok
18:15:33.0253 1300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:15:33.0300 1300 Serial - ok
18:15:33.0315 1300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:15:33.0331 1300 sermouse - ok
18:15:33.0378 1300 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
18:15:33.0440 1300 SessionEnv - ok
18:15:33.0487 1300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:15:33.0518 1300 sffdisk - ok
18:15:33.0549 1300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:15:33.0580 1300 sffp_mmc - ok
18:15:33.0612 1300 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:15:33.0658 1300 sffp_sd - ok
18:15:33.0690 1300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:15:33.0705 1300 sfloppy - ok
18:15:33.0736 1300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:15:33.0830 1300 SharedAccess - ok
18:15:33.0861 1300 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:15:33.0924 1300 ShellHWDetection - ok
18:15:33.0970 1300 [ C45942985943FC4AB8A7EA7A92F29C00 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
18:15:33.0986 1300 Shockprf - ok
18:15:34.0017 1300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:15:34.0033 1300 SiSRaid2 - ok
18:15:34.0048 1300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:15:34.0080 1300 SiSRaid4 - ok
18:15:34.0095 1300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:15:34.0142 1300 Smb - ok
18:15:34.0189 1300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:15:34.0220 1300 SNMPTRAP - ok
18:15:34.0251 1300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:15:34.0267 1300 spldr - ok
18:15:34.0314 1300 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
18:15:34.0423 1300 Spooler - ok
18:15:34.0516 1300 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
18:15:34.0641 1300 sppsvc - ok
18:15:34.0672 1300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:15:34.0735 1300 sppuinotify - ok
18:15:34.0750 1300 sptd - ok
18:15:34.0797 1300 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:15:34.0875 1300 srv - ok
18:15:34.0906 1300 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:15:34.0969 1300 srv2 - ok
18:15:35.0000 1300 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:15:35.0047 1300 srvnet - ok
18:15:35.0094 1300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:15:35.0172 1300 SSDPSRV - ok
18:15:35.0187 1300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:15:35.0234 1300 SstpSvc - ok
18:15:35.0265 1300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:15:35.0281 1300 stexstor - ok
18:15:35.0312 1300 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
18:15:35.0359 1300 stisvc - ok
18:15:35.0374 1300 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:15:35.0406 1300 storflt - ok
18:15:35.0421 1300 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
18:15:35.0437 1300 storvsc - ok
18:15:35.0499 1300 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
18:15:35.0515 1300 SUService - ok
18:15:35.0530 1300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:15:35.0562 1300 swenum - ok
18:15:35.0593 1300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:15:35.0655 1300 swprv - ok
18:15:35.0686 1300 [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:15:35.0718 1300 SynTP - ok
18:15:35.0780 1300 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
18:15:35.0874 1300 SysMain - ok
18:15:35.0920 1300 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:15:35.0967 1300 TabletInputService - ok
18:15:35.0983 1300 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:15:36.0045 1300 TapiSrv - ok
18:15:36.0061 1300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:15:36.0123 1300 TBS - ok
18:15:36.0201 1300 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:15:43.0486 1300 ================ Scan global ===============================
18:15:43.0518 1300 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:15:43.0564 1300 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
18:15:43.0580 1300 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
18:15:43.0611 1300 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:15:43.0658 1300 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:15:43.0658 1300 [Global] - ok
18:15:43.0658 1300 ================ Scan MBR ==================================
18:15:43.0658 1300 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:15:43.0954 1300 \Device\Harddisk0\DR0 - ok
18:15:43.0954 1300 ================ Scan VBR ==================================
18:15:43.0954 1300 [ CA815C8AB73DF843329B72CFBC58868C ] \Device\Harddisk0\DR0\Partition1
18:15:43.0954 1300 \Device\Harddisk0\DR0\Partition1 - ok
18:15:43.0970 1300 [ FFF971761463257B271246B175AC5E9B ] \Device\Harddisk0\DR0\Partition2
18:15:43.0970 1300 \Device\Harddisk0\DR0\Partition2 - ok
18:15:43.0970 1300 ============================================================
18:15:43.0970 1300 Scan finished
18:15:43.0970 1300 ============================================================
18:15:43.0986 0700 Detected object count: 1
18:15:43.0986 0700 Actual detected object count: 1
18:15:54.0001 0700 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:15:54.0001 0700 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

05.02.2013, 18:20   #10
markusg
/// Malware-holic
 

No, I don't write instructions without a reason.
So please do only what is written here, thanks.
Combofix:
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


05.02.2013, 20:46   #11
yazid
 

hi ;-)

so, it took a while... here is the result


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-03.03 - J 05/02/2013  19:55:34.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1913.882 [GMT 1:00]
ausgeführt von:: c:\users\J\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\file_list.txt
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\kikin.ico
c:\program files (x86)\kikin\kikin_updater_2.0.0.11.exe
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\users\J\AppData\Roaming\kikin
c:\users\J\AppData\Roaming\kikin\ff_configuration.xml
c:\users\J\AppData\Roaming\kikin\ff_kkes.xml
c:\users\J\AppData\Roaming\kikin\ff_settings.xml
c:\users\J\AppData\Roaming\kikin\ie_configuration.xml
c:\users\J\AppData\Roaming\kikin\ie_kkes.xml
c:\users\J\AppData\Roaming\kikin\ie_settings.xml
c:\users\J\g2mdlhlpx.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\is-L1MHO.tmp
c:\windows\SysWow64\is-TAVC0.tmp
c:\windows\SysWow64\is-TEHIG.tmp
c:\windows\SysWow64\start.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-05 bis 2013-02-05  ))))))))))))))))))))))))))))))
.
.
2013-02-05 19:07 . 2013-02-05 19:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-04 21:28 . 2013-02-04 21:28	--------	d-----w-	c:\windows\system32\SPReview
2013-02-04 21:26 . 2013-02-04 21:26	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-04 18:33 . 2013-02-04 18:33	388096	----a-r-	c:\users\J\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-04 18:33 . 2013-02-04 18:33	--------	d-----w-	c:\program files (x86)\Trend Micro
2013-02-04 18:12 . 2013-02-04 18:12	--------	d-----w-	c:\users\J\AppData\Roaming\Simply Super Software
2013-02-04 18:11 . 2013-02-04 18:11	--------	d-----w-	c:\programdata\Simply Super Software
2013-02-04 18:11 . 2013-02-04 18:11	--------	d-----w-	c:\program files (x86)\Trojan Remover
2013-02-02 20:41 . 2013-02-02 20:41	--------	d-----w-	c:\windows\Internet Logs
2013-02-02 20:31 . 2013-02-02 20:31	--------	d-----w-	c:\program files (x86)\Avira
2013-02-02 16:08 . 2012-07-06 19:58	552448	----a-w-	c:\windows\system32\drivers\bthport.sys
2013-02-02 16:08 . 2011-04-28 03:58	80384	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2013-02-02 16:08 . 2011-03-25 03:22	52224	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-02-02 16:08 . 2011-03-25 03:23	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-02-02 16:08 . 2011-03-25 03:23	324608	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-02-02 16:08 . 2011-03-25 03:23	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-02-02 16:08 . 2011-03-25 03:22	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-02-02 16:08 . 2011-03-25 03:22	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-02-02 16:08 . 2011-03-25 03:22	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-02-02 16:07 . 2011-03-11 06:23	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2013-02-02 16:07 . 2011-03-11 06:23	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2013-02-02 16:07 . 2011-03-11 06:18	2566144	----a-w-	c:\windows\system32\esent.dll
2013-02-02 16:07 . 2011-03-11 06:22	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2013-02-02 16:07 . 2011-03-11 05:39	1686016	----a-w-	c:\windows\SysWow64\esent.dll
2013-02-02 16:07 . 2011-03-11 06:23	187264	----a-w-	c:\windows\system32\drivers\storport.sys
2013-02-02 16:07 . 2011-03-11 06:23	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2013-02-02 16:07 . 2011-03-11 06:22	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2013-02-02 16:07 . 2011-03-11 04:31	91136	----a-w-	c:\windows\system32\drivers\USBSTOR.SYS
2013-02-02 16:07 . 2011-03-11 06:15	96768	----a-w-	c:\windows\system32\fsutil.exe
2013-02-02 16:07 . 2011-03-11 05:37	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2013-02-02 12:36 . 2013-02-02 12:36	--------	d-----w-	c:\program files\CCleaner
2013-02-02 12:28 . 2013-02-02 12:28	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-02-02 12:28 . 2013-02-02 12:28	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-02-02 12:25 . 2013-02-02 12:25	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2013-02-02 08:36 . 2013-02-02 08:36	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-02-02 08:35 . 2013-02-02 08:34	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-01 23:43 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2013-02-01 23:43 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2013-02-01 23:23 . 2009-09-10 06:28	311808	----a-w-	c:\windows\system32\msv1_0.dll
2013-02-01 23:23 . 2009-09-10 05:52	257024	----a-w-	c:\windows\SysWow64\msv1_0.dll
2013-02-01 23:19 . 2013-01-18 11:15	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA931529-8E13-46AB-A2F4-BFC58D242412}\mpengine.dll
2013-02-01 23:14 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-02-01 23:14 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-02-01 23:14 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-02-01 23:14 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-02-01 23:12 . 2012-12-16 16:31	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-02-01 22:45 . 2009-11-25 11:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2013-02-01 22:45 . 2009-11-25 11:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2013-02-01 22:45 . 2009-11-25 11:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2013-02-01 22:45 . 2009-11-25 11:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2013-02-01 22:45 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2013-02-01 22:45 . 2009-11-25 11:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2013-02-01 22:45 . 2009-11-25 11:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2013-02-01 22:45 . 2009-11-25 11:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2013-02-01 22:45 . 2009-11-25 11:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2013-02-01 22:45 . 2009-11-25 11:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-02-01 22:44 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-02-01 22:07 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-02-01 22:07 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-02-01 22:07 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-02-01 22:07 . 2009-10-19 14:46	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-02-01 22:07 . 2009-10-19 14:10	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-02-01 22:07 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-02-01 22:06 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-02-01 22:06 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-02-01 22:06 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-02-01 22:06 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-02-01 22:06 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-02-01 22:06 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-02-01 22:06 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-02-01 22:00 . 2012-03-01 06:54	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-02-01 22:00 . 2012-03-01 06:40	80896	----a-w-	c:\windows\system32\imagehlp.dll
2013-02-01 22:00 . 2012-03-01 05:45	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-02-01 22:00 . 2012-03-01 06:35	5120	----a-w-	c:\windows\system32\wmi.dll
2013-02-01 22:00 . 2012-03-01 05:40	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-02-01 21:58 . 2010-03-04 04:40	184832	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2013-02-01 21:58 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2013-02-01 21:53 . 2010-05-23 08:37	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-02-01 21:52 . 2010-06-29 05:35	4582912	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2013-02-01 21:52 . 2010-06-29 05:39	2085376	----a-w-	c:\windows\system32\ole32.dll
2013-02-01 21:52 . 2010-06-29 04:57	4247040	----a-w-	c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2013-02-01 21:52 . 2010-06-29 05:02	1413632	----a-w-	c:\windows\SysWow64\ole32.dll
2013-02-01 21:51 . 2010-08-04 07:07	552960	----a-w-	c:\windows\system32\msdri.dll
2013-02-01 21:46 . 2012-06-02 04:42	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-02-01 21:45 . 2012-01-04 09:58	509952	----a-w-	c:\windows\system32\ntshrui.dll
2013-02-01 21:45 . 2012-01-04 09:03	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2013-02-01 21:45 . 2010-08-21 06:31	633856	----a-w-	c:\windows\system32\comctl32.dll
2013-02-01 21:45 . 2010-08-21 05:33	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2013-02-01 21:45 . 2011-03-12 12:03	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2013-02-01 21:45 . 2011-03-12 11:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-02-01 21:45 . 2010-03-04 07:57	2080256	----a-w-	c:\program files\Windows Mail\msoe.dll
2013-02-01 21:45 . 2010-03-04 07:33	1619968	----a-w-	c:\program files (x86)\Windows Mail\msoe.dll
2013-02-01 21:44 . 2011-02-26 06:23	2870272	----a-w-	c:\windows\explorer.exe
2013-02-01 21:44 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\SysWow64\explorer.exe
2013-02-01 21:44 . 2012-03-30 11:09	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-01 21:42 . 2011-03-11 06:19	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2013-02-01 21:40 . 2011-10-01 05:28	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2013-02-01 21:40 . 2011-10-01 04:43	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2013-02-01 21:40 . 2011-10-26 05:19	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-02-01 21:40 . 2010-03-05 07:52	84992	----a-w-	c:\windows\system32\asycfilt.dll
2013-02-01 21:40 . 2010-03-05 07:42	67584	----a-w-	c:\windows\SysWow64\asycfilt.dll
2013-02-01 21:35 . 2012-06-06 05:50	1425408	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2013-02-01 21:35 . 2012-06-06 05:09	987136	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2013-02-01 21:35 . 2010-09-01 05:21	14627840	----a-w-	c:\windows\system32\wmp.dll
2013-02-01 21:35 . 2010-09-01 05:14	167424	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2013-02-01 21:35 . 2010-09-01 04:26	164864	----a-w-	c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-02-01 21:33 . 2010-08-26 05:27	148992	----a-w-	c:\windows\system32\t2embed.dll
2013-02-01 21:32 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2013-02-01 21:32 . 2012-08-24 17:10	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-02-01 21:32 . 2009-09-26 06:20	223448	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-02-01 21:32 . 2012-08-02 17:55	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2013-02-01 21:32 . 2012-08-02 17:05	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-02-01 21:32 . 2010-07-29 06:30	82944	----a-w-	c:\windows\SysWow64\iccvid.dll
2013-02-01 21:32 . 2010-10-12 05:05	35328	----a-w-	c:\program files\Windows Mail\wabfind.dll
2013-02-01 21:32 . 2010-10-12 05:00	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2013-02-01 21:32 . 2010-10-12 04:25	516096	----a-w-	c:\program files (x86)\Windows Mail\wab.exe
2013-02-01 21:32 . 2010-06-19 06:53	52224	----a-w-	c:\windows\system32\rtutils.dll
2013-02-01 21:32 . 2010-06-19 06:23	37376	----a-w-	c:\windows\SysWow64\rtutils.dll
2013-02-01 21:28 . 2010-12-18 06:12	3138048	----a-w-	c:\windows\system32\mstscax.dll
2013-02-01 21:27 . 2012-05-05 07:44	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2013-02-01 21:27 . 2011-10-15 06:25	723456	----a-w-	c:\windows\system32\EncDec.dll
2013-02-01 21:27 . 2011-10-15 05:48	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2013-02-01 21:27 . 2012-06-02 05:25	1462784	----a-w-	c:\windows\system32\crypt32.dll
2013-02-01 21:27 . 2012-06-02 05:25	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2013-02-01 21:27 . 2012-06-02 05:25	140288	----a-w-	c:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 08:34 . 2012-09-16 08:22	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-02 08:34 . 2010-12-03 19:05	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-17 00:28 . 2010-09-18 17:50	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-09 06:12 . 2012-09-15 11:25	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 06:12 . 2011-08-14 02:16	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:56 . 2013-02-01 21:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phonostarTimer"="c:\program files (x86)\phonostar-Player\phonostarTimer.exe" [2011-01-27 39936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-25 1129832]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-09-14 1247504]
.
c:\users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\J\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-05-07 24560]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-25 75112]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-14 51712]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-06-08 87368]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42186681
*Deregistered* - 42186681
*Deregistered* - avipbb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 09:41	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 06:12]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 09:36]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-02 09:36]
.
2013-01-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 22:15]
.
2013-02-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 22:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\J\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 365592]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\J\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\J\AppData\Roaming\Mozilla\Firefox\Profiles\xhtgp919.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files (x86)\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-05  20:24:30
ComboFix-quarantined-files.txt  2013-02-05 19:24
.
Vor Suchlauf: 15 Verzeichnis(se), 173.412.450.304 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 173.271.420.928 Bytes frei
.
- - End Of File - - 85FAA3EDA5320CF79491D9CD3B93ACEE
         
--- --- ---

05.02.2013, 21:41   #12
markusg
/// Malware-holic

hi
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

06.02.2013, 08:23   #13
yazid

5 files were found, selected and removed... :-)

here is the result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.06.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
J :: JULIUS [Administrator]

Schutz: Aktiviert

06/02/2013 07:34:18
mbam-log-2013-02-06 (07-34-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385221
Laufzeit: 44 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\J\Desktop\Sicherung\DVD 1, fertig\Daten\Projekt\FrontPage 2003 (Portable)\FrontPage2003-Thinstall\1000000b00002i\rundll32.exe (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\J\Desktop\Sicherung\DVD 1, fertig\Daten\Projekt\FrontPage 2003 (Portable)\FrontPage2003-Thinstall\1000000b00002i\verclsid.exe (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\J\Desktop\Sicherung\DVD 1, fertig\Daten\Projekt\FrontPage 2003 (Portable)\FrontPage2003-Thinstall\300000003400002i\dwwin.exe (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\J\Downloads\historie\SoftonicDownloader_fuer_no23-recorder.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\J\Downloads\historie\SoftonicDownloader_fuer_reaper.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

06.02.2013, 11:58   #14
markusg
/// Malware-holic

hi, please keep your hands off Softonic; download software only from the manufacturer.
Please start by installing Windows updates.
The easiest way is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically
- Every day
- Choose a time
- Please tick everything else, except:
- Show me detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
When finished, click Computer, Properties and check there whether Service Pack 1 is installed. Report back as soon as that is the case, and of course also if there are problems.

06.02.2013, 19:34   #15
yazid

hello again

so service pack 1 is installed and automatic updates are enabled...
