Pests of all kinds and how to fight them: Telekom letter, ZeuS/ZBot (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
14.02.2013, 20:53 | #1
Telekom letter, ZeuS/ZBot

Good evening! My father received a letter from Telekom today saying that his computer was probably infected with ZeuS/ZBot. I ran Malwarebytes (no detections) and OTL over it. Here are the logs.

MBAM

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-PC [Administrator]

14.02.2013 18:34:15
mbam-log-2013-02-14 (18-34-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302997
Laufzeit: 11 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter OTL logfile created on: 14.02.2013 19:57:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgang\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 52,56% Memory free 3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 129,86 Gb Free Space | 43,58% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Drive G: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,71% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) PRC - C:\Programme\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works) PRC - C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) 
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 49 CA 76 5E EB CD 01 [binary data] IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - 
HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD 10 A2 57 64 08 CE 01 [binary data] IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE466 IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.06 11:07:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C7CE36-5710-42DB-96A9-ACD2EBB0D24D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{480a5126-1b19-11df-9bc0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{480a5126-1b19-11df-9bc0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTOSTARTER.EXE O33 - MountPoints2\{783af817-1fbb-11df-bd25-90e6baa29dd8}\Shell - "" = AutoRun O33 - MountPoints2\{783af817-1fbb-11df-bd25-90e6baa29dd8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.14 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.02.14 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.14 18:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.14 18:32:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.14 18:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.14 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.02.13 13:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 13:50:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.13 13:50:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 13:50:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 
13:50:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.13 13:50:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.13 13:50:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 13:50:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 13:18:57 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 13:18:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 13:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.13 13:18:48 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 13:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.14 19:55:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.14 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.14 18:37:07 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 18:37:07 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 18:35:15 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 18:35:15 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 18:35:15 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 18:35:15 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.14 18:32:55 | 000,001,067 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.14 18:29:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.14 18:29:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.14 18:29:34 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys [2013.02.13 17:22:41 | 000,443,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.11 13:57:25 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E6.LCS [2013.02.09 14:22:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.09 14:22:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.14 18:32:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 16:49:11 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini [2013.01.12 16:49:03 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini [2013.01.12 16:48:24 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2013.01.12 16:44:48 | 000,007,343 | ---- | C] () -- C:\Windows\HCWPNP.INI [2013.01.05 18:29:17 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2011.08.17 15:24:59 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.07.15 09:56:41 | 000,003,402 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.07.15 09:56:41 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4008E34291.sys [2011.05.07 08:02:39 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol [2011.04.28 13:37:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.04.28 13:37:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.04.28 
13:37:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.04.28 13:27:34 | 000,000,694 | ---- | C] () -- C:\Windows\SIERRA.INI ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.02.2013 19:57:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgang\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 52,56% Memory free 3,50 Gb Paging File | 2,50 Gb Available in Paging File | 71,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 129,86 Gb Free Space | 43,58% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Drive G: | 3,71 Gb Total Space | 3,70 Gb Free Space | 99,71% Space Free | Partition Type: FAT32 Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E55156-43BE-4BB7-88D9-DCC2992E5C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0EA918B1-80D4-4CF5-9ED5-E8F99A2947B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3DA4231A-439A-41C8-80F0-B4060A652C78}" = rport=137 | protocol=17 | dir=out | app=system | "{46718B0A-D774-4DCC-9939-C64F59DFB6D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{5265CF25-52C9-4DF3-BED3-87C55564144A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{554B2446-0A73-4B4F-A976-404B00233392}" = rport=445 | protocol=6 | dir=out | app=system | "{59C0C918-C771-4BE4-AE08-425C573EC2F1}" = lport=2177 | protocol=6 | dir=in | 
Error - 27.12.2011 17:17:23 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706 Description =
[ System Events ]
Error - 13.02.2013 08:11:09 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 13.02.2013 08:11:09 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 13.02.2013 12:22:35 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 13.02.2013 12:22:35 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 14.02.2013 13:29:38 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter
Error - 14.02.2013 13:29:38 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active
Error - 14.02.2013 13:55:15 | Computer Name = Admin-PC | Source = bowser | ID = 8003 Description =
Error - 14.02.2013 14:11:10 | Computer Name = Admin-PC | Source = bowser | ID = 8003 Description =
Error - 14.02.2013 14:47:09 | Computer Name = Admin-PC | Source = bowser | ID = 8003 Description =
Error - 14.02.2013 15:11:11 | Computer Name = Admin-PC | Source = bowser | ID = 8003 Description =
< End of report >
Can you please help me further? Regards, Noobie10 |
15.02.2013, 11:15 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot Hi,
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? If so, please post all of them. I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Then create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool refuses to work the second time as well, simply skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
15.02.2013, 15:10 | #3 |
| Telekom Brief, ZeuS/ZBot Hello Cosinus,
thank you very much for your quick reply. Microsoft Security Essentials is installed on the computer. I cannot find any logs there, but I did find the following alerts:
PWS:Win32/Fareit.gen!I in Process: pid: 1264 on 11.02
and PWS:Win32/Zbot.gen!AL on 13.02 in
file:C:\Users\Wolfgang\AppData\Roaming\Axini\feupic.exe
regkey:HKCU@S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\{59FBAEAF-4E74-AD7F-D6A6-5574EFFD7669}
runkey:HKCU@S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\{59FBAEAF-4E74-AD7F-D6A6-5574EFFD7669}
Both were moved to quarantine. Today's alert was that the program has the following files in quarantine:
Backdoor:Win32/Rbot
PWS:Win32/Zbot
PWS:Win32/Zbot.gen!AL
Here is the GMER log: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-15 14:17:20 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT721032SLA360 rev.ST2OA3AA 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys ---- Kernel code sections - GMER 2.0 ---- .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E628000, 0x2D5378, 0xE8000020] .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9CEC969D]
and from Malwarebytes Anti-Rootkit: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.15.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Admin :: ADMIN-PC [administrator] 15.02.2013 14:48:00 mbar-log-2013-02-15 (14-48-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30704 Time elapsed: 18 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Noobie10 |
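The MSE detection reported above shows the two indicators typical of this infection: a Run value under HKCU named like a GUID, pointing at an executable under AppData\Roaming\<random>\<random>.exe. As an added example (not part of the thread and not one of the tools the helper requested), the PowerShell below lists Run/RunOnce entries with those properties, checks the target's Authenticode status, and pulls the MSE detection events from the System event log, which is where MSE records detections when no separate log file can be found. Function names are mine; 1116 and 1117 are the Microsoft Antimalware "detected" and "action taken" event IDs.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Reviews autostart Run keys for the pattern seen in the MSE alert above and
# lists MSE detection events so they can be posted as a log.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds that are not registry values.
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyReview {
    param([string[]]$Keys = $RunKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($MetaProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value

            # Executable = quoted first token, or everything up to the first space.
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $flags = @()
            # Value name is a bare GUID, as in the {59FBAEAF-...} entry above.
            if ($prop.Name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
                $flags += 'GUID-style value name'
            }
            # Binary lives in the user profile instead of Program Files / Windows.
            if ($exe -match '\\AppData\\(Roaming|Local|LocalLow)\\') {
                $flags += 'runs from user profile AppData'
            }
            if (Test-Path -LiteralPath $exe) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            } else {
                # Typical after the AV quarantined the file but left the Run value.
                $flags += 'target missing (quarantined or deleted?)'
            }

            New-Object PSObject -Property @{
                Key    = $key
                Name   = $prop.Name
                Target = $exe
                Flags  = ($flags -join '; ')
            }
        }
    }
}

function Get-MseDetectionEvents {
    param([int]$Days = 30)
    # MSE logs to the System event log under provider "Microsoft Antimalware":
    # 1116 = malware detected, 1117 = action taken (quarantine, remove, ...).
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft Antimalware'
        Id           = 1116, 1117
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Detail'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

Get-RunKeyReview | Where-Object { $_.Flags } |
    Format-Table Key, Name, Target, Flags -AutoSize -Wrap
Get-MseDetectionEvents | Format-Table -AutoSize -Wrap
```

Only entries with at least one flag are shown; a signed binary under Program Files with a readable value name produces no output.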
15.02.2013, 15:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
Please always post log files in CODE tags |
16.02.2013, 15:23 | #5 |
| Telekom Brief, ZeuS/ZBot Hello Cosinus, here are the next logs. aswMBR.exe Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-16 14:53:08 ----------------------------- 14:53:08.933 OS Version: Windows 6.1.7601 Service Pack 1 14:53:08.933 Number of processors: 2 586 0x4303 14:53:08.933 ComputerName: ADMIN-PC UserName: Admin 14:53:49.040 Initialize success 14:57:28.617 AVAST engine defs: 13021600 14:59:53.876 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:59:53.876 Disk 0 Vendor: Hitachi_HDT721032SLA360 ST2OA3AA Size: 305245MB BusType: 3 14:59:53.891 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2 14:59:53.891 Disk 1 Vendor: WDC_WD15EARX-00PASB0 51.0AB51 Size: 1430799MB BusType: 3 14:59:54.110 Disk 0 MBR read successfully 14:59:54.110 Disk 0 MBR scan 14:59:54.125 Disk 0 Windows 7 default MBR code 14:59:54.141 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 14:59:54.188 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848 14:59:54.203 Disk 0 scanning sectors +625139712 14:59:54.328 Disk 0 scanning C:\Windows\system32\drivers 15:00:33.221 Service scanning 15:00:47.933 Service MpKsl432d55ac c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67FB5C3C-503F-43F8-B234-4A6D5BA5A53C}\MpKsl432d55ac.sys **LOCKED** 32 15:01:04.734 Modules scanning 15:01:34.312 Disk 0 trace - called modules: 15:01:34.374 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys 15:01:34.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858bb810] 15:01:34.405 3 CLASSPNP.SYS[8859c59e] -> nt!IofCallDriver -> [0x857dc918] 15:01:34.421 5 ACPI.sys[8802a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857c0908] 15:01:36.075 AVAST engine scan C:\Windows 15:01:55.793 AVAST engine scan C:\Windows\system32 15:06:38.140 AVAST engine scan C:\Windows\system32\drivers 15:06:51.665 AVAST engine scan C:\Users\Admin 15:08:53.221 AVAST engine scan C:\ProgramData 15:12:07.160 Scan finished successfully 15:12:34.632 Disk 0 MBR has been saved 
successfully to "C:\Users\Wolfgang\Desktop\MBR.dat" 15:12:34.647 The log file has been saved successfully to "C:\Users\Wolfgang\Desktop\aswMBR.txt" Code:
ATTFilter 15:17:11.0092 3768 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:17:11.0373 3768 ============================================================ 15:17:11.0373 3768 Current date / time: 2013/02/16 15:17:11.0373 15:17:11.0373 3768 SystemInfo: 15:17:11.0373 3768 15:17:11.0373 3768 OS Version: 6.1.7601 ServicePack: 1.0 15:17:11.0373 3768 Product type: Workstation 15:17:11.0373 3768 ComputerName: ADMIN-PC 15:17:11.0373 3768 UserName: Admin 15:17:11.0373 3768 Windows directory: C:\Windows 15:17:11.0373 3768 System windows directory: C:\Windows 15:17:11.0373 3768 Processor architecture: Intel x86 15:17:11.0373 3768 Number of processors: 2 15:17:11.0373 3768 Page size: 0x1000 15:17:11.0373 3768 Boot type: Normal boot 15:17:11.0373 3768 ============================================================ 15:17:13.0213 3768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:17:13.0213 3768 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:17:13.0354 3768 ============================================================ 15:17:13.0354 3768 \Device\Harddisk0\DR0: 15:17:13.0354 3768 MBR partitions: 15:17:13.0354 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:17:13.0354 3768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 15:17:13.0354 3768 \Device\Harddisk1\DR1: 15:17:13.0354 3768 MBR partitions: 15:17:13.0354 3768 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800 15:17:13.0354 3768 ============================================================ 15:17:13.0385 3768 C: <-> \Device\Harddisk0\DR0\Partition2 15:17:13.0806 3768 D: <-> \Device\Harddisk1\DR1\Partition1 15:17:13.0806 3768 
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:18:05.0256 2680 FontCache3.0.0.0 - ok 15:18:05.0287 2680 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:18:05.0303 2680 FsDepends - ok 15:18:05.0334 2680 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:18:05.0350 2680 Fs_Rec - ok 15:18:05.0412 2680 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:18:05.0428 2680 fvevol - ok 15:18:05.0459 2680 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:18:05.0474 2680 gagp30kx - ok 15:18:05.0521 2680 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:18:05.0521 2680 GEARAspiWDM - ok 15:18:05.0568 2680 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 15:18:05.0615 2680 gpsvc - ok 15:18:05.0724 2680 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:18:05.0740 2680 gupdate - ok 15:18:05.0740 2680 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:18:05.0755 2680 gupdatem - ok 15:18:05.0802 2680 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:18:05.0833 2680 gusvc - ok 15:18:05.0989 2680 [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe 15:18:06.0208 2680 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning 15:18:06.0208 2680 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1) 15:18:06.0223 2680 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:18:06.0239 2680 hcw85cir - ok 15:18:06.0317 2680 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:18:06.0348 2680 HdAudAddService - ok 15:18:06.0364 2680 [ 
9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:18:06.0379 2680 HDAudBus - ok 15:18:06.0379 2680 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:18:06.0410 2680 HidBatt - ok 15:18:06.0410 2680 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:18:06.0442 2680 HidBth - ok 15:18:06.0473 2680 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:18:06.0488 2680 HidIr - ok 15:18:06.0504 2680 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 15:18:06.0551 2680 hidserv - ok 15:18:06.0629 2680 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:18:06.0644 2680 HidUsb - ok 15:18:06.0691 2680 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:18:06.0769 2680 hkmsvc - ok 15:18:06.0800 2680 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:18:06.0847 2680 HomeGroupListener - ok 15:18:06.0878 2680 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:18:06.0925 2680 HomeGroupProvider - ok 15:18:06.0988 2680 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:18:07.0003 2680 HpSAMD - ok 15:18:07.0066 2680 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:18:07.0081 2680 HTTP - ok 15:18:07.0112 2680 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:18:07.0112 2680 hwpolicy - ok 15:18:07.0175 2680 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:18:07.0190 2680 i8042prt - ok 15:18:07.0206 2680 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:18:07.0222 2680 iaStorV - ok 15:18:07.0300 2680 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\infocard.exe 15:18:07.0346 2680 idsvc - ok 15:18:07.0409 2680 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:18:07.0409 2680 iirsp - ok 15:18:07.0487 2680 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 15:18:07.0534 2680 IKEEXT - ok 15:18:07.0565 2680 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 15:18:07.0580 2680 intelide - ok 15:18:07.0612 2680 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:18:07.0627 2680 intelppm - ok 15:18:07.0658 2680 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:18:07.0705 2680 IPBusEnum - ok 15:18:07.0705 2680 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:18:07.0736 2680 IpFilterDriver - ok 15:18:07.0799 2680 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:18:07.0830 2680 iphlpsvc - ok 15:18:07.0877 2680 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:18:07.0924 2680 IPMIDRV - ok 15:18:07.0955 2680 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:18:08.0002 2680 IPNAT - ok 15:18:08.0080 2680 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:18:08.0095 2680 iPod Service - ok 15:18:08.0126 2680 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:18:08.0142 2680 IRENUM - ok 15:18:08.0189 2680 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:18:08.0204 2680 isapnp - ok 15:18:08.0220 2680 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:18:08.0236 2680 iScsiPrt - ok 15:18:08.0267 2680 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:18:08.0267 2680 kbdclass - ok 15:18:08.0298 2680 [ 
9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:18:08.0314 2680 kbdhid - ok 15:18:08.0345 2680 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 15:18:08.0345 2680 KeyIso - ok 15:18:08.0376 2680 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:18:08.0392 2680 KSecDD - ok 15:18:08.0423 2680 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:18:08.0438 2680 KSecPkg - ok 15:18:08.0470 2680 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 15:18:08.0501 2680 KtmRm - ok 15:18:08.0532 2680 [ F7CDABA15C7E853F0A11AF6D77FCA990 ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys 15:18:08.0548 2680 L1E - ok 15:18:08.0594 2680 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 15:18:08.0672 2680 LanmanServer - ok 15:18:08.0704 2680 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:18:08.0735 2680 LanmanWorkstation - ok 15:18:08.0782 2680 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:18:08.0797 2680 lltdio - ok 15:18:08.0828 2680 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:18:08.0875 2680 lltdsvc - ok 15:18:08.0906 2680 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 15:18:08.0938 2680 lmhosts - ok 15:18:08.0969 2680 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:18:08.0984 2680 LSI_FC - ok 15:18:09.0000 2680 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:18:09.0000 2680 LSI_SAS - ok 15:18:09.0016 2680 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:18:09.0031 2680 LSI_SAS2 - ok 15:18:09.0062 2680 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:18:09.0078 2680 LSI_SCSI - ok 15:18:09.0094 2680 [ 
6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 15:18:09.0125 2680 luafv - ok 15:18:09.0156 2680 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:18:09.0187 2680 Mcx2Svc - ok 15:18:09.0218 2680 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:18:09.0250 2680 megasas - ok 15:18:09.0265 2680 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:18:09.0281 2680 MegaSR - ok 15:18:09.0328 2680 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 15:18:09.0359 2680 MMCSS - ok 15:18:09.0374 2680 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 15:18:09.0406 2680 Modem - ok 15:18:09.0437 2680 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:18:09.0452 2680 monitor - ok 15:18:09.0484 2680 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:18:09.0499 2680 mouclass - ok 15:18:09.0530 2680 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:18:09.0562 2680 mouhid - ok 15:18:09.0593 2680 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:18:09.0608 2680 mountmgr - ok 15:18:09.0671 2680 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 15:18:09.0718 2680 MpFilter - ok 15:18:09.0764 2680 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 15:18:09.0796 2680 mpio - ok 15:18:09.0796 2680 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:18:09.0842 2680 mpsdrv - ok 15:18:09.0889 2680 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:18:09.0936 2680 MpsSvc - ok 15:18:09.0983 2680 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:18:09.0998 2680 MRxDAV - ok 15:18:10.0045 2680 [ 
5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:18:10.0076 2680 mrxsmb - ok 15:18:10.0123 2680 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:18:10.0170 2680 mrxsmb10 - ok 15:18:10.0201 2680 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:18:10.0232 2680 mrxsmb20 - ok 15:18:10.0279 2680 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 15:18:10.0295 2680 msahci - ok 15:18:10.0310 2680 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:18:10.0326 2680 msdsm - ok 15:18:10.0373 2680 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 15:18:10.0404 2680 MSDTC - ok 15:18:10.0435 2680 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:18:10.0451 2680 Msfs - ok 15:18:10.0466 2680 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:18:10.0498 2680 mshidkmdf - ok 15:18:10.0529 2680 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:18:10.0529 2680 msisadrv - ok 15:18:10.0591 2680 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:18:10.0638 2680 MSiSCSI - ok 15:18:10.0654 2680 msiserver - ok 15:18:10.0654 2680 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:18:10.0685 2680 MSKSSRV - ok 15:18:10.0794 2680 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 15:18:10.0825 2680 MsMpSvc - ok 15:18:10.0856 2680 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:18:10.0888 2680 MSPCLOCK - ok 15:18:10.0903 2680 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:18:10.0934 2680 MSPQM - ok 15:18:10.0950 2680 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 15:18:10.0966 2680 MsRPC - ok 15:18:11.0012 2680 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:18:11.0028 2680 mssmbios - ok 15:18:11.0028 2680 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:18:11.0059 2680 MSTEE - ok 15:18:11.0075 2680 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:18:11.0075 2680 MTConfig - ok 15:18:11.0106 2680 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 15:18:11.0122 2680 MTsensor - ok 15:18:11.0137 2680 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 15:18:11.0137 2680 Mup - ok 15:18:11.0184 2680 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 15:18:11.0200 2680 napagent - ok 15:18:11.0246 2680 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:18:11.0293 2680 NativeWifiP - ok 15:18:11.0356 2680 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:18:11.0387 2680 NDIS - ok 15:18:11.0387 2680 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:18:11.0434 2680 NdisCap - ok 15:18:11.0465 2680 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:18:11.0512 2680 NdisTapi - ok 15:18:11.0543 2680 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:18:11.0558 2680 Ndisuio - ok 15:18:11.0590 2680 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:18:11.0636 2680 NdisWan - ok 15:18:11.0668 2680 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:18:11.0714 2680 NDProxy - ok 15:18:11.0730 2680 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:18:11.0761 2680 NetBIOS - ok 15:18:11.0808 2680 [ 
280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:18:11.0902 2680 NetBT - ok 15:18:11.0933 2680 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 15:18:11.0933 2680 Netlogon - ok 15:18:11.0980 2680 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 15:18:12.0026 2680 Netman - ok 15:18:12.0042 2680 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 15:18:12.0073 2680 netprofm - ok 15:18:12.0120 2680 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:18:12.0136 2680 NetTcpPortSharing - ok 15:18:12.0167 2680 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:18:12.0182 2680 nfrd960 - ok 15:18:12.0245 2680 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:18:12.0260 2680 NisDrv - ok 15:18:12.0307 2680 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 15:18:12.0323 2680 NisSrv - ok 15:18:12.0354 2680 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 15:18:12.0385 2680 NlaSvc - ok 15:18:12.0401 2680 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:18:12.0432 2680 Npfs - ok 15:18:12.0448 2680 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 15:18:12.0463 2680 nsi - ok 15:18:12.0494 2680 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:18:12.0526 2680 nsiproxy - ok 15:18:12.0604 2680 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:18:12.0666 2680 Ntfs - ok 15:18:12.0682 2680 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 15:18:12.0713 2680 Null - ok 15:18:12.0775 2680 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:18:12.0791 
2680 nvraid - ok 15:18:12.0822 2680 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:18:12.0838 2680 nvstor - ok 15:18:12.0853 2680 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:18:12.0869 2680 nv_agp - ok 15:18:12.0884 2680 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:18:12.0900 2680 ohci1394 - ok 15:18:12.0916 2680 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:18:12.0947 2680 p2pimsvc - ok 15:18:12.0978 2680 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 15:18:12.0994 2680 p2psvc - ok 15:18:13.0009 2680 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:18:13.0040 2680 Parport - ok 15:18:13.0072 2680 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:18:13.0087 2680 partmgr - ok 15:18:13.0103 2680 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 15:18:13.0118 2680 Parvdm - ok 15:18:13.0134 2680 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:18:13.0150 2680 PcaSvc - ok 15:18:13.0196 2680 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 15:18:13.0228 2680 pci - ok 15:18:13.0259 2680 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 15:18:13.0274 2680 pciide - ok 15:18:13.0306 2680 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:18:13.0321 2680 pcmcia - ok 15:18:13.0337 2680 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 15:18:13.0352 2680 pcw - ok 15:18:13.0384 2680 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:18:13.0462 2680 PEAUTH - ok 15:18:13.0555 2680 [ 8B7AEC0ABA77DE5D2FEAC1824C15A3FA ] Ph3xIB32 C:\Windows\system32\DRIVERS\Ph3xIB32.sys 15:18:13.0586 2680 Ph3xIB32 - ok 
15:18:13.0649 2680 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 15:18:13.0696 2680 pla - ok 15:18:13.0758 2680 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:18:13.0774 2680 PlugPlay - ok 15:18:13.0805 2680 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:18:13.0852 2680 PNRPAutoReg - ok 15:18:13.0883 2680 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:18:13.0914 2680 PNRPsvc - ok 15:18:13.0945 2680 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:18:13.0976 2680 PolicyAgent - ok 15:18:14.0008 2680 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 15:18:14.0023 2680 Power - ok 15:18:14.0086 2680 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:18:14.0117 2680 PptpMiniport - ok 15:18:14.0132 2680 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:18:14.0164 2680 Processor - ok 15:18:14.0210 2680 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 15:18:14.0242 2680 ProfSvc - ok 15:18:14.0273 2680 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:18:14.0288 2680 ProtectedStorage - ok 15:18:14.0320 2680 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:18:14.0335 2680 Psched - ok 15:18:14.0413 2680 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 15:18:14.0444 2680 PSI_SVC_2 - ok 15:18:14.0522 2680 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:18:14.0569 2680 ql2300 - ok 15:18:14.0600 2680 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:18:14.0616 2680 ql40xx - ok 15:18:14.0632 2680 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 
15:18:14.0663 2680 QWAVE - ok 15:18:14.0694 2680 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:18:14.0694 2680 QWAVEdrv - ok 15:18:14.0788 2680 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 15:18:14.0788 2680 RapiMgr - ok 15:18:14.0803 2680 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:18:14.0850 2680 RasAcd - ok 15:18:14.0866 2680 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:18:14.0897 2680 RasAgileVpn - ok 15:18:14.0928 2680 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 15:18:14.0944 2680 RasAuto - ok 15:18:14.0975 2680 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:18:15.0006 2680 Rasl2tp - ok 15:18:15.0100 2680 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 15:18:15.0178 2680 RasMan - ok 15:18:15.0193 2680 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:18:15.0240 2680 RasPppoe - ok 15:18:15.0256 2680 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:18:15.0287 2680 RasSstp - ok 15:18:15.0318 2680 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:18:15.0365 2680 rdbss - ok 15:18:15.0365 2680 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:18:15.0380 2680 rdpbus - ok 15:18:15.0412 2680 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:18:15.0474 2680 RDPCDD - ok 15:18:15.0490 2680 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:18:15.0505 2680 RDPENCDD - ok 15:18:15.0536 2680 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:18:15.0552 2680 RDPREFMP - ok 15:18:15.0599 2680 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD 
C:\Windows\system32\drivers\RDPWD.sys 15:18:15.0630 2680 RDPWD - ok 15:18:15.0677 2680 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:18:15.0708 2680 rdyboost - ok 15:18:15.0755 2680 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 15:18:15.0833 2680 RemoteAccess - ok 15:18:15.0864 2680 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:18:15.0911 2680 RemoteRegistry - ok 15:18:15.0942 2680 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:18:15.0989 2680 RpcEptMapper - ok 15:18:16.0004 2680 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 15:18:16.0036 2680 RpcLocator - ok 15:18:16.0067 2680 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 15:18:16.0082 2680 RpcSs - ok 15:18:16.0129 2680 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:18:16.0145 2680 rspndr - ok 15:18:16.0176 2680 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 15:18:16.0192 2680 SamSs - ok 15:18:16.0238 2680 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:18:16.0254 2680 sbp2port - ok 15:18:16.0285 2680 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:18:16.0316 2680 SCardSvr - ok 15:18:16.0332 2680 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:18:16.0348 2680 scfilter - ok 15:18:16.0410 2680 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 15:18:16.0488 2680 Schedule - ok 15:18:16.0519 2680 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:18:16.0535 2680 SCPolicySvc - ok 15:18:16.0566 2680 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:18:16.0613 2680 SDRSVC - ok 15:18:16.0644 2680 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 15:18:16.0675 2680 secdrv - ok 15:18:16.0691 2680 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 15:18:16.0738 2680 seclogon - ok 15:18:16.0769 2680 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 15:18:16.0784 2680 SENS - ok 15:18:16.0816 2680 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:18:16.0831 2680 SensrSvc - ok 15:18:16.0847 2680 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:18:16.0847 2680 Serenum - ok 15:18:16.0894 2680 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:18:16.0909 2680 Serial - ok 15:18:16.0940 2680 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:18:16.0972 2680 sermouse - ok 15:18:17.0018 2680 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 15:18:17.0065 2680 SessionEnv - ok 15:18:17.0081 2680 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:18:17.0128 2680 sffdisk - ok 15:18:17.0159 2680 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:18:17.0190 2680 sffp_mmc - ok 15:18:17.0206 2680 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:18:17.0221 2680 sffp_sd - ok 15:18:17.0252 2680 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:18:17.0268 2680 sfloppy - ok 15:18:17.0299 2680 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:18:17.0346 2680 SharedAccess - ok 15:18:17.0377 2680 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:18:17.0424 2680 ShellHWDetection - ok 15:18:17.0471 2680 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:18:17.0471 2680 sisagp - ok 15:18:17.0518 2680 [ 
A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:18:17.0533 2680 SiSRaid2 - ok 15:18:17.0549 2680 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:18:17.0564 2680 SiSRaid4 - ok 15:18:17.0596 2680 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:18:17.0611 2680 Smb - ok 15:18:17.0658 2680 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:18:17.0674 2680 SNMPTRAP - ok 15:18:17.0689 2680 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 15:18:17.0689 2680 spldr - ok 15:18:17.0736 2680 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 15:18:17.0814 2680 Spooler - ok 15:18:17.0908 2680 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 15:18:17.0970 2680 sppsvc - ok 15:18:18.0001 2680 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:18:18.0095 2680 sppuinotify - ok 15:18:18.0110 2680 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:18:18.0157 2680 srv - ok 15:18:18.0173 2680 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:18:18.0204 2680 srv2 - ok 15:18:18.0235 2680 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:18:18.0266 2680 srvnet - ok 15:18:18.0298 2680 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:18:18.0313 2680 SSDPSRV - ok 15:18:18.0329 2680 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:18:18.0360 2680 SstpSvc - ok 15:18:18.0391 2680 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:18:18.0391 2680 stexstor - ok 15:18:18.0438 2680 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 15:18:18.0485 2680 StiSvc - ok 15:18:18.0532 2680 [ E58C78A848ADD9610A4DB6D214AF5224 ] 
swenum C:\Windows\system32\drivers\swenum.sys 15:18:18.0532 2680 swenum - ok 15:18:18.0578 2680 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 15:18:18.0610 2680 swprv - ok 15:18:18.0672 2680 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 15:18:18.0734 2680 SysMain - ok 15:18:18.0766 2680 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:18:18.0797 2680 TabletInputService - ok 15:18:18.0844 2680 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 15:18:18.0875 2680 TapiSrv - ok 15:18:18.0906 2680 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 15:18:18.0937 2680 TBS - ok 15:18:19.0031 2680 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:18:19.0062 2680 Tcpip - ok 15:18:19.0078 2680 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:18:19.0109 2680 TCPIP6 - ok 15:18:19.0156 2680 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:18:19.0171 2680 tcpipreg - ok 15:18:19.0218 2680 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:18:19.0265 2680 TDPIPE - ok 15:18:19.0312 2680 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:18:19.0358 2680 TDTCP - ok 15:18:19.0390 2680 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:18:19.0421 2680 tdx - ok 15:18:19.0452 2680 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:18:19.0468 2680 TermDD - ok 15:18:19.0530 2680 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 15:18:19.0561 2680 TermService - ok 15:18:19.0608 2680 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 15:18:19.0624 2680 Themes - ok 15:18:19.0639 2680 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER 
C:\Windows\system32\mmcss.dll 15:18:19.0655 2680 THREADORDER - ok 15:18:19.0655 2680 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 15:18:19.0702 2680 TrkWks - ok 15:18:19.0764 2680 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:18:19.0795 2680 TrustedInstaller - ok 15:18:19.0826 2680 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:18:19.0858 2680 tssecsrv - ok 15:18:19.0951 2680 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:18:19.0982 2680 TsUsbFlt - ok 15:18:20.0045 2680 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:18:20.0092 2680 tunnel - ok 15:18:20.0123 2680 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:18:20.0123 2680 uagp35 - ok 15:18:20.0170 2680 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:18:20.0216 2680 udfs - ok 15:18:20.0232 2680 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:18:20.0263 2680 UI0Detect - ok 15:18:20.0310 2680 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:18:20.0326 2680 uliagpkx - ok 15:18:20.0341 2680 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 15:18:20.0357 2680 umbus - ok 15:18:20.0372 2680 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:18:20.0388 2680 UmPass - ok 15:18:20.0404 2680 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 15:18:20.0435 2680 upnphost - ok 15:18:20.0482 2680 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 15:18:20.0528 2680 USBAAPL - ok 15:18:20.0560 2680 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:18:20.0606 2680 usbccgp - ok 15:18:20.0653 2680 [ 
04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:18:20.0684 2680 usbcir - ok 15:18:20.0716 2680 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:18:20.0716 2680 usbehci - ok 15:18:20.0762 2680 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:18:20.0794 2680 usbhub - ok 15:18:20.0840 2680 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:18:20.0872 2680 usbohci - ok 15:18:20.0887 2680 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:18:20.0903 2680 usbprint - ok 15:18:20.0918 2680 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:18:20.0950 2680 usbscan - ok 15:18:20.0965 2680 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:18:20.0996 2680 USBSTOR - ok 15:18:21.0012 2680 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:18:21.0059 2680 usbuhci - ok 15:18:21.0090 2680 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 15:18:21.0168 2680 UxSms - ok 15:18:21.0199 2680 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 15:18:21.0199 2680 VaultSvc - ok 15:18:21.0230 2680 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:18:21.0246 2680 vdrvroot - ok 15:18:21.0293 2680 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 15:18:21.0324 2680 vds - ok 15:18:21.0355 2680 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:18:21.0371 2680 vga - ok 15:18:21.0386 2680 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 15:18:21.0402 2680 VgaSave - ok 15:18:21.0449 2680 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:18:21.0464 2680 vhdmp - ok 15:18:21.0496 2680 [ 
C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:18:21.0511 2680 viaagp - ok 15:18:21.0511 2680 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 15:18:21.0527 2680 ViaC7 - ok 15:18:21.0558 2680 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 15:18:21.0558 2680 viaide - ok 15:18:21.0605 2680 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:18:21.0605 2680 volmgr - ok 15:18:21.0636 2680 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:18:21.0652 2680 volmgrx - ok 15:18:21.0667 2680 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:18:21.0683 2680 volsnap - ok 15:18:21.0730 2680 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:18:21.0730 2680 vsmraid - ok 15:18:21.0776 2680 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 15:18:21.0808 2680 VSS - ok 15:18:21.0823 2680 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:18:21.0854 2680 vwifibus - ok 15:18:21.0886 2680 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 15:18:21.0917 2680 W32Time - ok 15:18:21.0948 2680 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:18:21.0948 2680 WacomPen - ok 15:18:21.0995 2680 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:18:22.0073 2680 WANARP - ok 15:18:22.0088 2680 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:18:22.0120 2680 Wanarpv6 - ok 15:18:22.0213 2680 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:18:22.0244 2680 WatAdminSvc - ok 15:18:22.0291 2680 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 15:18:22.0338 2680 wbengine - ok 15:18:22.0369 
2680 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:18:22.0400 2680 WbioSrvc - ok 15:18:22.0447 2680 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 15:18:22.0463 2680 WcesComm - ok 15:18:22.0510 2680 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:18:22.0556 2680 wcncsvc - ok 15:18:22.0588 2680 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:18:22.0619 2680 WcsPlugInService - ok 15:18:22.0650 2680 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:18:22.0666 2680 Wd - ok 15:18:22.0728 2680 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:18:22.0744 2680 Wdf01000 - ok 15:18:22.0775 2680 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:18:22.0790 2680 WdiServiceHost - ok 15:18:22.0790 2680 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:18:22.0806 2680 WdiSystemHost - ok 15:18:22.0853 2680 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 15:18:22.0884 2680 WebClient - ok 15:18:22.0915 2680 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:18:22.0946 2680 Wecsvc - ok 15:18:22.0962 2680 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:18:23.0009 2680 wercplsupport - ok 15:18:23.0040 2680 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 15:18:23.0071 2680 WerSvc - ok 15:18:23.0102 2680 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:18:23.0118 2680 WfpLwf - ok 15:18:23.0134 2680 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:18:23.0149 2680 WIMMount - ok 15:18:23.0196 2680 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:18:23.0227 2680 
WinDefend - ok 15:18:23.0227 2680 WinHttpAutoProxySvc - ok 15:18:23.0290 2680 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:18:23.0336 2680 Winmgmt - ok 15:18:23.0399 2680 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 15:18:23.0492 2680 WinRM - ok 15:18:23.0555 2680 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS 15:18:23.0586 2680 WINUSB - ok 15:18:23.0617 2680 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:18:23.0648 2680 Wlansvc - ok 15:18:23.0695 2680 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:18:23.0726 2680 WmiAcpi - ok 15:18:23.0758 2680 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:18:23.0773 2680 wmiApSrv - ok 15:18:23.0867 2680 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:18:23.0945 2680 WMPNetworkSvc - ok 15:18:23.0976 2680 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:18:24.0007 2680 WPCSvc - ok 15:18:24.0054 2680 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:18:24.0070 2680 WPDBusEnum - ok 15:18:24.0101 2680 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:18:24.0132 2680 ws2ifsl - ok 15:18:24.0148 2680 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 15:18:24.0163 2680 wscsvc - ok 15:18:24.0179 2680 WSearch - ok 15:18:24.0241 2680 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:18:24.0288 2680 wuauserv - ok 15:18:24.0319 2680 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:18:24.0335 2680 WudfPf - ok 15:18:24.0366 2680 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:18:24.0366 2680 WUDFRd - ok 15:18:24.0413 2680 [ 
FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:18:24.0460 2680 wudfsvc - ok 15:18:24.0491 2680 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 15:18:24.0538 2680 WwanSvc - ok 15:18:24.0569 2680 ================ Scan global =============================== 15:18:24.0600 2680 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 15:18:24.0647 2680 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 15:18:24.0725 2680 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 15:18:24.0756 2680 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 15:18:24.0772 2680 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 15:18:24.0772 2680 [Global] - ok 15:18:24.0772 2680 ================ Scan MBR ================================== 15:18:24.0787 2680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:18:24.0974 2680 \Device\Harddisk0\DR0 - ok 15:18:24.0990 2680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 15:18:25.0505 2680 \Device\Harddisk1\DR1 - ok 15:18:25.0505 2680 ================ Scan VBR ================================== 15:18:25.0520 2680 [ 5F70E8A904FB0A30D261E29148AFF787 ] \Device\Harddisk0\DR0\Partition1 15:18:25.0520 2680 \Device\Harddisk0\DR0\Partition1 - ok 15:18:25.0567 2680 [ 470DDC6AC5DAD4FBC4FF39EFA2E2AAE0 ] \Device\Harddisk0\DR0\Partition2 15:18:25.0567 2680 \Device\Harddisk0\DR0\Partition2 - ok 15:18:25.0567 2680 [ 546171F619B3AF0F03722A92C46576E3 ] \Device\Harddisk1\DR1\Partition1 15:18:25.0567 2680 \Device\Harddisk1\DR1\Partition1 - ok 15:18:25.0567 2680 ============================================================ 15:18:25.0567 2680 Scan finished 15:18:25.0567 2680 ============================================================ 15:18:25.0583 0336 Detected object count: 1 15:18:25.0583 0336 Actual detected object count: 1 15:18:49.0014 0336 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped 
by user 15:18:49.0014 0336 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:19:09.0747 3744 Deinitialize success Regards, Noobie10 |
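The TDSSKiller log above is one hashed-file line plus one verdict line per service or driver, and the only "detection" is `UnsignedFile.Multi.Generic`, which says nothing more than that the Hauppauge binary carries no Authenticode signature. Pulling that structure out of the log by hand is tedious, so here is a small parser I wrote as an added example for this thread (it is not part of the original posts and not a Kaspersky tool). It extracts the per-service MD5, image path, tag and verdicts, lists real detections separately from plain "ok" entries, reports which services share one image (Tcpip and TCPIP6 both point at tcpip.sys in the log), and notes services that produced a verdict without a hashed file. The sample log is a constructed excerpt modelled on the lines above; the MD5 for HauppaugeTVServer is a placeholder, since its hash line lies in the part of the log not shown here.

```python
import re
from collections import defaultdict

# TDSSKiller writes one hashed-file line and one verdict line per service/driver:
#   <time> <thread> [ <MD5> ] <name> <image path>
#   <time> <thread> <name> [( <tag> )] - <verdict>
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d{4})\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d{4})\s+(?P<name>\S+)"
    r"(?:\s+\( (?P<tag>[^)]+?) \))?\s+-\s+(?P<verdict>.+?)\s*$"
)
COUNT_LINE = re.compile(r"Detected object count:\s*(\d+)")

# Constructed sample modelled on the log in the post above. The MD5 on the
# HauppaugeTVServer line is a placeholder, not the value from the real scan.
SAMPLE_LOG = "\n".join([
    r"15:18:19.0031 2680 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys",
    r"15:18:19.0062 2680 Tcpip - ok",
    r"15:18:19.0078 2680 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys",
    r"15:18:19.0109 2680 TCPIP6 - ok",
    r"15:18:21.0199 2680 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe",
    r"15:18:21.0199 2680 VaultSvc - ok",
    r"15:18:23.0227 2680 WinHttpAutoProxySvc - ok",
    r"15:18:10.0000 2680 [ 0123456789ABCDEF0123456789ABCDEF ] HauppaugeTVServer C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe",
    r"15:18:25.0583 0336 Detected object count: 1",
    r"15:18:49.0014 0336 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"15:18:49.0014 0336 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])


def parse_tdsskiller(text):
    """Return (entries, detected_count); each entry holds name, md5, path, tag and verdicts."""
    entries, order = {}, []
    detected = None

    def get(name):
        if name not in entries:
            entries[name] = {"name": name, "md5": None, "path": None, "tag": None, "verdicts": []}
            order.append(name)
        return entries[name]

    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            e = get(m["name"])
            e["md5"], e["path"] = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = get(m["name"])
            e["verdicts"].append(m["verdict"])
            if m["tag"]:
                e["tag"] = m["tag"]
            continue
        m = COUNT_LINE.search(line)
        if m:
            detected = int(m.group(1))
    return [entries[n] for n in order], detected


def detections(entries):
    """Entries that carry a tag or any verdict other than the plain 'ok'."""
    return [e for e in entries if e["tag"] or any(v != "ok" for v in e["verdicts"])]


def shared_images(entries):
    """MD5 -> sorted service names, for hashes referenced by more than one service."""
    by_md5 = defaultdict(set)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].add(e["name"])
    return {h: sorted(n) for h, n in by_md5.items() if len(n) > 1}


def unhashed(entries):
    """Services that got a verdict but no hashed image file (nothing on disk was scanned)."""
    return [e["name"] for e in entries if e["md5"] is None]


if __name__ == "__main__":
    entries, count = parse_tdsskiller(SAMPLE_LOG)
    print("detected objects reported:", count)
    for e in detections(entries):
        print(f"{e['name']}: {e['tag']} -> {e['verdicts']} ({e['path']})")
    print("shared images:", shared_images(entries))
    print("verdict without hashed file:", unhashed(entries))
```

The list of detections is what a helper actually wants from this log; the MD5 column is only useful once compared against a known-good reference for the same Windows build, which the script deliberately does not pretend to have.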
16.02.2013, 18:34 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
Combofix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running Combofix and get messages such as Quote:
16.02.2013, 22:54 | #7 |
| Telekom Brief, ZeuS/ZBot Good evening, here is the ComboFix log Code:
ATTFilter ComboFix 13-02-15.01 - Admin 16.02.2013 22:30:27.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1791.975 [GMT 1:00] ausgeführt von:: c:\users\Wolfgang\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\4008E34291.sys c:\users\Wolfgang\4526835.exe c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-16 bis 2013-02-16 )))))))))))))))))))))))))))))) . . 2013-02-16 21:48 . 2013-02-16 21:48 -------- d-----w- c:\users\Wolfgang\AppData\Local\temp 2013-02-16 21:48 . 2013-02-16 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-16 21:47 . 2013-02-16 21:48 -------- d-----w- c:\users\Admin\AppData\Local\temp 2013-02-16 21:47 . 2013-02-16 21:47 -------- d-----w- c:\users\Philip\AppData\Local\temp 2013-02-16 21:47 . 2013-02-16 21:47 -------- d-----w- c:\users\Oliver\AppData\Local\temp 2013-02-16 21:47 . 2013-02-16 21:47 -------- d-----w- c:\users\Hannelore\AppData\Local\temp 2013-02-16 20:56 . 2013-02-16 20:56 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\MpKslbf1fffbf.sys 2013-02-16 14:14 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\mpengine.dll 2013-02-15 13:24 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-14 17:33 . 2013-02-14 17:33 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes 2013-02-14 17:32 . 
2013-02-14 17:32 -------- d-----w- c:\programdata\Malwarebytes 2013-02-14 17:32 . 2013-02-14 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-14 17:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-14 17:32 . 2013-02-14 17:32 -------- d-----w- c:\users\Admin\AppData\Local\Programs 2013-02-13 12:18 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 12:18 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-13 12:18 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 12:18 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 12:18 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 12:18 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-09 13:22 . 2012-04-05 07:53 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-09 13:22 . 2011-05-14 14:27 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2010-02-16 16:48 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-05 18:03 . 2011-07-15 08:56 3402 --sha-w- c:\programdata\KGyGaAvL.sys 2012-12-16 14:13 . 2012-12-21 14:12 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 14:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-07 12:26 . 2013-01-09 13:34 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20 . 2013-01-09 13:34 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 10:46 . 2013-01-09 13:34 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 10:46 . 2013-01-09 13:34 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 10:46 . 2013-01-09 13:34 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 13:34 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 10:46 . 
2013-01-09 13:34 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 13:34 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 10:46 . 2013-01-09 13:34 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 13:34 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 10:46 . 2013-01-09 13:34 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 10:46 . 2013-01-09 13:34 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 10:46 . 2013-01-09 13:34 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 10:46 . 2013-01-09 13:34 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 10:46 . 2013-01-09 13:34 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 13:34 55296 ----a-w- c:\windows\system32\cero.rs 2012-11-30 04:47 . 2013-01-09 13:34 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 13:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 
2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 02:55 . 2013-01-09 13:34 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38 . 2013-01-09 13:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 13:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 13:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 13:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-29 09:56 . 
2012-11-29 09:57 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{048DA4B8-BEB9-4082-8343-0D5F87EFAA57}\gapaengine.dll 2012-11-28 09:35 . 2013-01-05 16:25 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-23 02:48 . 2013-01-09 13:33 49152 ----a-w- c:\windows\system32\taskhost.exe 2012-11-22 04:45 . 2013-01-09 13:34 626688 ----a-w- c:\windows\system32\usp10.dll 2012-11-20 04:51 . 2013-01-09 13:33 220160 ----a-w- c:\windows\system32\ncrypt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-29 105632] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360] "Z1"="c:\users\Wolfgang\Desktop\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-15 1363528] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448] . c:\users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2013-1-12 117344] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] WinTV Recording Status.lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2013-1-12 155136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 MpKslbf1fffbf;MpKslbf1fffbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBB43943-110A-4F3B-BD6B-FA4399D60B21}\MpKslbf1fffbf.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [x] S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] . . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLBF1FFFBF . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-04 12:50 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:22] . 2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 10:20] . 2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-15 10:20] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe AddRemove-Mah Jongg II - c:\windows\IsUn0407.exe AddRemove-Schmidt Mahjong - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-16 22:51:14 ComboFix-quarantined-files.txt 2013-02-16 21:51 . Vor Suchlauf: 13 Verzeichnis(se), 139.823.067.136 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 140.480.802.816 Bytes frei . - - End Of File - - DF10AB7DED5EF6DEF806D6E9879460E3 Noobie10 |
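The interesting part of that ComboFix log is the short deletions list at the top: C:\Install.exe, c:\programdata\4008E34291.sys, c:\users\Wolfgang\4526835.exe and c:\windows\IsUn0407.exe. Two of them are executables with digit-only or hex-only names sitting in user-writable locations, which is the pattern a helper scans a log for before anything else. As an added example for this thread (my code, not a ComboFix feature and not part of the original posts), the script below pulls the bare file paths and the REGEDIT4-style autostart values out of such a log and runs a handful of triage heuristics over them. The heuristics and their thresholds (six or more hex characters counts as a "random" name, and the list of user-writable prefixes) are my assumptions; a hit is a reason to look, not a verdict. The sample excerpt is constructed from the entries shown above.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the deletions list and the autostart section of the
# ComboFix log above (REGEDIT4-style key headers and "name"="path" [date size] values).
SAMPLE_COMBOFIX = r"""
C:\Install.exe
c:\programdata\4008E34291.sys
c:\users\Wolfgang\4526835.exe
c:\windows\IsUn0407.exe
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Wolfgang\Desktop\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-15 1363528]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
"""

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\])?"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")

# Triage heuristics (my assumptions, not ComboFix rules): where droppers tend to live
# and how they tend to be named. A hit is a reason to look, never a verdict on its own.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")
RANDOM_NAME = re.compile(r"^[0-9A-F]{6,}$", re.I)   # e.g. 4526835.exe, 4008E34291.sys


def extract_paths(text):
    """Yield (source, value_name, path) for autostart values and bare file paths."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"].strip(), m["path"]
            continue
        if BARE_PATH.match(line):
            yield "file", None, line


def triage(path):
    """Return the list of heuristic reasons this path deserves a look (empty = nothing notable)."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    low = path.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    if RANDOM_NAME.match(p.stem):
        reasons.append("digit/hex-only file name")
    if len(parts) == 2:
        reasons.append("executable in drive root")
    elif len(parts) == 4 and parts[1] == "users":
        reasons.append("executable in user profile root")
    elif len(parts) == 3 and parts[1] == "windows":
        reasons.append("loose file directly under the Windows directory")
    if p.suffix.lower() == ".sys" and "\\drivers\\" not in low:
        reasons.append("driver (.sys) outside a drivers directory")
    return reasons


def triage_log(text):
    """Return [(path, reasons)] for every distinct path in the log that trips a heuristic."""
    seen, flagged = set(), []
    for _source, _name, path in extract_paths(text):
        if path in seen:
            continue
        seen.add(path)
        reasons = triage(path)
        if reasons:
            flagged.append((path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_COMBOFIX):
        print(f"{path}\n    {', '.join(reasons)}")
```

Two of the hits on this sample are deliberate false positives and show why the output needs a human: mbar.exe under the user's Desktop is the Malwarebytes Anti-Rootkit run the poster was asked to do, and c:\windows\IsUn0407.exe is the old InstallShield uninstaller that the "AddRemove-Mah Jongg II" and "AddRemove-Schmidt Mahjong" entries in the same log point at. The two numerically named files are the ones worth keeping an eye on.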
18.02.2013, 13:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
18.02.2013, 23:46 | #9 |
| Telekom Brief, ZeuS/ZBot Good evening, here are the logs from adwCleaner Code:
# AdwCleaner v2.112 - Logfile created on 18/02/2013 at 22:30:29
# Updated on 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Admin - ADMIN-PC
# Boot mode : Normal
# Running from : C:\Users\Wolfgang\Desktop\adwcleaner0.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [711 octets] - [18/02/2013 22:30:29]

########## EOF - \AdwCleaner[S1].txt - [770 octets] ##########

Code:
ATTFilter OTL logfile created on: 18.02.2013 22:37:21 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgang\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,39% Memory free 3,50 Gb Paging File | 2,60 Gb Available in Paging File | 74,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 130,89 Gb Free Space | 43,93% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Wolfgang\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) PRC - C:\Programme\WinTV\TVServer\CaptureGenPCI.exe (Hauppauge Computer Works) PRC - C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Common Files\Corel\Standby\Standby.exe (Corel) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\WinTV\TVServer\HauppaugeTVServerps.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- 
c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found DRV - (MpKslaf66d9dd) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51833551-3FA8-46E6-89BA-9135F982C0E9}\MpKslaf66d9dd.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 26 CE D8 8F 0C CE 01 [binary data] IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 C2 C6 AF 1F 0E CE 01 [binary data] IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE466 IE - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll 
(Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.06 11:07:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins O1 HOSTS File: ([2013.02.16 22:48:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) 
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001..\RunOnce: [Report] \AdwCleaner[S1].txt File not found O4 - Startup: C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
LogonHoursAction = 2 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3710322288-3227354555-318721060-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C7CE36-5710-42DB-96A9-ACD2EBB0D24D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.16 22:51:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.16 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp [2013.02.16 22:26:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.16 22:26:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.16 22:26:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.16 22:26:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.16 22:26:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.15 14:27:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.14 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2013.02.14 18:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.14 18:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.14 18:32:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.14 18:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.14 18:32:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs [2013.02.13 13:50:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 13:50:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2013.02.13 13:50:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 13:50:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 13:50:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.13 13:50:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.13 13:50:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 13:50:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 13:18:57 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 13:18:50 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 13:18:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.13 13:18:48 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 13:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.18 22:39:30 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.18 22:39:30 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.18 22:31:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.18 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.18 22:31:37 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys [2013.02.18 22:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2013.02.16 22:55:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.16 22:48:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.15 14:27:15 | 355,049,412 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.14 18:35:15 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 18:35:15 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 18:35:15 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 18:35:15 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.14 18:32:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.13 17:22:41 | 000,443,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.11 13:57:25 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E6.LCS [2013.02.09 14:22:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.09 14:22:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.16 22:26:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.16 22:26:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.16 22:26:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.16 22:26:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.16 22:26:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.15 14:27:15 | 355,049,412 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.14 18:32:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 16:49:11 | 000,000,265 | ---- | C] () -- 
C:\Windows\HCWBlast.ini [2013.01.12 16:49:03 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini [2013.01.12 16:48:24 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2013.01.12 16:44:48 | 000,007,343 | ---- | C] () -- C:\Windows\HCWPNP.INI [2013.01.05 18:29:17 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2011.08.17 15:24:59 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.07.15 09:56:41 | 000,003,402 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.05.07 08:02:39 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol [2011.04.28 13:37:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.04.28 13:37:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.04.28 13:37:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.04.28 13:27:34 | 000,000,694 | ---- | C] () -- C:\Windows\SIERRA.INI ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.02.2013 22:37:21 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wolfgang\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,39% Memory free 3,50 Gb Paging File | 2,60 Gb Available in Paging File | 74,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 130,89 Gb Free Space | 43,93% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1397,09 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05E55156-43BE-4BB7-88D9-DCC2992E5C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0EA918B1-80D4-4CF5-9ED5-E8F99A2947B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3DA4231A-439A-41C8-80F0-B4060A652C78}" = rport=137 | protocol=17 | dir=out | app=system | "{46718B0A-D774-4DCC-9939-C64F59DFB6D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{5265CF25-52C9-4DF3-BED3-87C55564144A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{554B2446-0A73-4B4F-A976-404B00233392}" = rport=445 | protocol=6 | dir=out | app=system | "{59C0C918-C771-4BE4-AE08-425C573EC2F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5AD9193A-742B-48CB-B569-E17758997AA1}" = lport=138 | protocol=17 | dir=in | app=system | "{5FDA5DFA-5ABF-4EE0-B518-F19B7FD68DDE}" = rport=139 | protocol=6 | dir=out | app=system | "{6166C20D-42F8-422B-840B-6C5E4C16F24F}" = rport=138 | protocol=17 | dir=out | app=system | "{6AE81469-1084-4526-A004-CD5A8EFDEB50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{73D056E4-6F50-431C-AFE6-9436F09F519E}" = rport=10243 | protocol=6 | dir=out | app=system | "{7DEED581-FF27-42FB-93FD-B7967D0B4D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{955C9D6A-CC54-4184-976A-75FAFAD0BBE8}" = lport=445 | protocol=6 | dir=in | app=system | "{AEDC005C-7315-4250-B3CB-70D7B9A4824B}" = lport=2869 | protocol=6 | dir=in | app=system | "{BAD756AF-39AC-4D07-8160-BAC43DDC5D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C378D541-A76A-4889-954A-BB731F1CD41B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5575710-B667-490C-901E-973C68C5F227}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD64EC55-DE25-4334-B7E1-5BCDB06717F6}" = lport=137 | protocol=17 | dir=in | app=system | "{DE762E4B-647F-4BBA-8F30-D2D5E04C80B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E1DC544B-4A24-4962-8E6D-49C7145011AB}" = lport=139 | protocol=6 | dir=in | app=system | "{F44C94FA-93C7-4B8E-983C-AC855FA9A237}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA6133C5-7917-41B7-99F6-686174A772B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C77E36-A68C-49C6-9D8D-18A0FF6384B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15BBC5FB-C776-4C10-85AF-2D8222BFCA9D}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "{17774AC7-7420-4570-882E-A1248AF25352}" = protocol=6 | dir=out | app=system | "{17A2814B-3F48-4504-9BB7-C59F2AE2AC3F}" = protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | "{2880F5E3-508A-43A0-97D5-0981572336ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2BDC4D7F-8495-49B7-BE50-C93C3DDCD7C9}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | "{2C328582-5DBF-4BCD-BEC3-4719220EB44D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C7ACEDD-B50A-4029-989C-0E5DB86BC325}" = dir=in | app=c:\program files\itunes\itunes.exe | "{328E626F-97F8-409D-9F57-0BBAB14F4329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3462274B-6F55-42F6-9B7D-266C8E307879}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{52443B6E-F118-417B-86DB-3A95D78B45E3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5275D8DE-74A7-4253-BF9A-50DE96D2B90D}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | "{57CD6992-4B96-47E6-BF13-B770779EDA3A}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | "{5E19C4DF-2440-4390-9E4B-79AF7587A1D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5FEA94EC-D8B6-4E20-A6A9-AF21EF575F87}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "{61582D76-F223-45D2-ACE2-BDC3F2FC6EE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6884AE11-0214-49E1-80F2-9FD2B4BAB4A1}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "{6B4A0A4C-D024-4F44-9569-EBC7164CA01C}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "{6BC879F9-5566-4948-B136-BE501DF089A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7A8756BD-EED9-4EE6-930D-8516AC673953}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C712863-8421-4856-89D9-7666C6CEAFA1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{85F44710-37E0-4024-8E41-9A5ACBE2376A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{88F12741-6108-49D2-A080-C915C34157B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F73838B-88F1-490B-ADED-66D4B3759401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97F483E8-8E7C-4D37-BE67-BB3F594C2E9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{998507A4-4BE2-44EF-AE1D-3AE71A68D528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1911F59-6641-47C1-8FBD-6124017F9A26}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "{A7A024E4-45B1-42FD-A414-5AA9154E0010}" = 
protocol=17 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | "{AD70B6AD-B4AC-4D2E-B8F7-A2521D68354E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "{BED77841-4B9C-46CC-8067-B401173D0B71}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser_nodd.exe | "{C1F05630-9B1A-4BA9-B360-48F167C51574}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C3F1EA9F-94AD-4F44-9B27-1A8F685ED347}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C515CA98-8640-4E71-91A6-896F15F259B9}" = protocol=6 | dir=in | app=c:\program files\tv-browser\tvbrowser.exe | "{C5DB04A4-C7C3-48EF-B3F6-EDEDEAE0F57B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "{CBC73E50-857A-4EA7-9144-BE6CA2AA8FBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBFCC461-9482-4707-A809-463F262D4E9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CFE6AAF2-ADFA-4C73-81A4-431A1A136328}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D739BA42-8071-40C4-A873-88CA1A5028F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DEC5A4E7-B905-49D0-A3CF-FE46240DFA4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E12475F0-1D3D-4C3D-9A26-7EA6349427CB}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe | "{EEE16410-25A3-4DEE-A184-3C5A93A0CD5F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3 "{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer 
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10 "{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™ "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DA41E54-9526-40C0-8456-66B09379DFCC}" = PaintShop Photo Pro X3 Registration Incentive "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F888AAB-DDAD-45A8-9A61-FFAB7521DBDD}" = Ping Flipper "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{C7B8E06E-EBBC-4210-93AB-DFC8760E3FC9}" = Works Suite-Betriebssystem-Pack "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup "{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA "{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}" = DeviceIO "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D7D99A66-493F-468B-BCE1-6F88612B89D5}" = Contents "{D875FFEE-2FCE-4774-902A-749198C00A68}" = PureHD "{D8C02397-E0EF-4891-820E-1547DCC6701B}" = ContentHD "{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}" = Share "{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}" = VIO "{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}" = PSPH10Pro "{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3 "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! 
Foto Premium 9 "{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro "{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW "{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent "{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3D Live Pool_is1" = 3D Live Pool "3DJongg" = 3DJongg "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AmazingMahjongg3D" = AmazingMahjongg3D "Astro Fury" = Astro Fury "AutumnMahjongg" = AutumnMahjongg "BudRedhead" = BudRedhead "CityMahjongg" = CityMahjongg "ffdshow_is1" = ffdshow [rev 497] [2006-11-04] "FrozenMahjongg" = FrozenMahjongg "Google Chrome" = Google Chrome "Hauppauge WinTV 7" = Hauppauge WinTV 7 "InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}" = LEGO® Batman™ "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "Mah-Jongger" = Mah-Jongger "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Memento Mori 2_is1" = Memento Mori 2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "NeoBall" = NeoBall "NetDevil_LEGO_Universe_is1" = LEGO Universe "OpenAL" = OpenAL "Patiencen + Solitaire" = Patiencen + Solitaire "PictureIt_v9" = Microsoft Picture It! 
Foto Premium 9 "PrivateMahjongg" = PrivateMahjongg "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Shockwave" = Shockwave "Sierra Uninstall" = Sierra On-Line Games (Remove only) "Soccerstars" = Soccerstars "Stepok's One Click Wipe Basic_is1" = One Click Wipe Basic "SuperSoli" = SuperSoli "The Great Mahjongg" = The Great Mahjongg "tvbrowser" = TV-Browser 3.2.1 "Twilight Mahjongg" = Twilight Mahjongg "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Works2004Setup" = Setup-Start von Microsoft Works 2004 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.12.2011 13:06:38 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.12.2011 11:03:47 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.12.2011 11:03:48 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.12.2011 14:57:10 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.12.2011 06:17:18 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.12.2011 17:38:50 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706 Description = Error - 21.12.2011 08:07:39 | Computer Name = Admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.12.2011 17:17:23 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 11706 Description = [ System Events ] Error - 16.02.2013 09:47:24 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.02.2013 16:56:33 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 16.02.2013 16:56:33 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.02.2013 17:30:20 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 16.02.2013 17:41:09 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error - 16.02.2013 17:48:25 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 18.02.2013 17:07:14 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 18.02.2013 17:07:14 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 18.02.2013 17:31:40 | Computer Name = Admin-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 18.02.2013 17:31:40 | Computer Name = Admin-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Noobie10 |
20.02.2013, 13:10 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion via the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
21.02.2013, 15:38 | #11 |
| Telekom Brief, ZeuS/ZBot So, here are the logs from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.20.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Admin :: ADMIN-PC [Administrator] 20.02.2013 17:13:29 mbam-log-2013-02-20 (17-13-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 298688 Laufzeit: 9 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) and ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d3ceaa979a2ce7458713a7f88e99f9f7 # engine=13199 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-21 12:09:36 # local_time=2013-02-21 01:09:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 49721366 113036567 0 0 # scanned=461764 # found=0 # cleaned=0 # scan_time=27493 Noobie10 |
21.02.2013, 17:04 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot Looks ok so far. Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there other findings or problems?
__________________ Please always post logfiles in CODE tags |
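The hosts-file approach recommended in the post above works because every hostname listed in the file is mapped to an unroutable address (the MVPS list uses 0.0.0.0), so the browser never reaches the ad or tracking server. The following is an added example, not code from this thread or from MVPS: a small Python checker that parses a hosts file, counts the blocklist entries, and flags any entry that maps a name to a real address, which is the shape a hosts-file hijack would take and is therefore worth auditing after an infection. The sample hosts content and the hostnames in it are constructed; the default path is the standard Windows location.

```python
"""Audit a Windows hosts file: count blocklist entries, flag real redirects."""
import ipaddress

# Addresses that make a hostname unreachable; MVPS uses 0.0.0.0 throughout.
BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Standard location of the hosts file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample, not a real hosts file. Hostnames use the reserved
# .invalid TLD and the redirect target is a documentation-only address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries in the style of MVPS HOSTS]  (constructed sample)
0.0.0.0 ads.example-tracker.invalid
0.0.0.0 banner.example-ads.invalid
0.0.0.0 www.example-counter.invalid   # trailing comment is ignored
# an entry of the kind a hijack would add (constructed)
203.0.113.5 www.example-bank.invalid
"""


def parse_hosts(text):
    """Return (line_number, address, hostname) for every usable mapping.

    Comments (from '#' to end of line) and blank lines are skipped, and a
    line whose first field is not an IP address is ignored rather than
    raising, because real hosts files accumulate junk over the years.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((lineno, str(addr), name.lower()))
    return entries


def audit_hosts(text):
    """Split entries into blocklist names and suspicious real redirects."""
    blocked = []
    suspicious = []
    for lineno, addr, name in parse_hosts(text):
        if addr in BLACKHOLE_ADDRESSES:
            # The loopback mapping of "localhost" itself is not a block entry.
            if name != "localhost":
                blocked.append(name)
        else:
            # A name that resolves to a routable address via the hosts file
            # bypasses DNS entirely; review it by hand.
            suspicious.append((lineno, addr, name))
    return {"blocked": blocked, "suspicious": suspicious}


def audit_hosts_file(path=WINDOWS_HOSTS_PATH):
    """Audit the hosts file on disk (needs no elevated rights to read)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"blocklist entries: {len(result['blocked'])}")
    for lineno, addr, name in result["suspicious"]:
        print(f"line {lineno}: {name} -> {addr}  (review this entry)")
```

Run it against the real file with `audit_hosts_file()`; a freshly installed MVPS list should yield thousands of blocklist entries and an empty `suspicious` list, so anything in that second list after a ZeuS/ZBot finding deserves a closer look.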
21.02.2013, 22:00 | #13 |
| Telekom Brief, ZeuS/ZBot Good evening! The computer seems to be running normally; no further problems have occurred so far. The known findings: Backdoor:Win32/Rbot PWS:Win32/Zbot PWS:Win32/Zbot.gen!AL are still in the quarantine of Microsoft Security Essentials. Should I delete them now? Regards Noobie10 |
21.02.2013, 23:00 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Telekom Brief, ZeuS/ZBot Quote:
Just think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in quarantine can no longer do any harm; it is isolated there. You should always work with the quarantine, because if the virus scanner deletes something important due to a false positive, you can still get at the file through the quarantine if necessary.
__________________ Please always post logfiles in CODE tags |
22.02.2013, 17:09 | #15 |
| Telekom Brief, ZeuS/ZBot Okay, thanks for the quick reply!!! Should I uninstall the programs that were used now? Regards Noobie10 |