|
Pests of All Kinds and How to Fight Them: TR/Matsnu.A.85 TR/PSW.Zbot.1970 Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
09.03.2013, 19:50 | #1 | |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970 Good evening. Unfortunately I know very little about computers, and luckily I found out about this forum today. For several days my Avira has kept showing me security warnings, and so far I have clicked "remove" each time. However, the warnings do not stop. Currently it reports 2 security problems, "TR/Matsnu.A.85" and "TR/PSW.Zbot.1970". In addition, all programs keep crashing. Is my problem a virus? I have now downloaded Defogger and OTL; here is the OTL data: Quote:
Karre |
09.03.2013, 20:53 | #2 |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970 Reading material: Banking trojans If you use this computer for online banking, for example, you should at least have your bank change your password if you use an otherwise secure method such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night. I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we start, I have some reading material for you. Please read: Rules for the cleanup For the cleanup to work, I ask you to read the following points carefully:
Read and understood?
Step 1: (Reminder: Do not reply to me until you have worked through all the steps!) Disable drive emulation with Defogger Please download defogger by jpshortstuff to your desktop and run it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS+ (with attach) Please download DDS (by sUBs) and save the file to your desktop.
__________________ |
09.03.2013, 21:30 | #3 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970 Hello Ryder!
__________________ Thank you very much for helping me. Here from aswmbr: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 21:16:50
-----------------------------
21:16:50.849 OS Version: Windows x64 6.1.7601 Service Pack 1
21:16:50.849 Number of processors: 4 586 0x2505
21:16:50.849 ComputerName: KARRE-PC UserName: Karre
21:16:52.487 Initialize success
21:17:09.507 AVAST engine download error: 0
21:18:11.673 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:18:11.673 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
21:18:11.689 Disk 0 MBR read successfully
21:18:11.704 Disk 0 MBR scan
21:18:11.704 Disk 0 Windows VISTA default MBR code
21:18:11.720 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
21:18:11.735 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
21:18:11.751 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
21:18:11.767 Disk 0 scanning C:\Windows\system32\drivers
21:18:23.326 Service scanning
21:19:06.694 Modules scanning
21:19:06.694 Disk 0 trace - called modules:
21:19:06.726 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:19:06.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
21:19:06.741 3 CLASSPNP.SYS[fffff880019cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004908050]
21:19:06.741 Scan finished successfully
21:19:53.440 Disk 0 MBR has been saved successfully to "E:\defogger\MBR.dat"
21:19:53.658 The log file has been saved successfully to "E:\defogger\aswMBR.txt"
Code:
21:20:46.0070 4068 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:20:48.0082 4068 ============================================================
21:20:48.0082 4068 Current date / time: 2013/03/09 21:20:48.0082
21:20:48.0082 4068 SystemInfo:
21:20:48.0082 4068
21:20:48.0082 4068 OS Version: 6.1.7601 ServicePack: 1.0
21:20:48.0082 4068 Product type: Workstation
21:20:48.0082 4068 ComputerName: KARRE-PC
21:20:48.0082 4068 UserName: Karre
21:20:48.0082 4068 Windows directory: C:\Windows
21:20:48.0082 4068 System windows directory: C:\Windows
21:20:48.0082 4068 Running under WOW64
21:20:48.0082 4068 Processor architecture: Intel x64
21:20:48.0082 4068 Number of processors: 4
21:20:48.0082 4068 Page size: 0x1000
21:20:48.0082 4068 Boot type: Normal boot
21:20:48.0082 4068 ============================================================
21:20:48.0769 4068 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:48.0784 4068 Drive \Device\Harddisk1\DR1 - Size: 0x7D680000 (1.96 Gb), SectorSize: 0x200, Cylinders: 0xFF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:20:48.0784 4068 ============================================================
21:20:48.0784 4068 \Device\Harddisk0\DR0:
21:20:48.0784 4068 MBR partitions:
21:20:48.0784 4068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:20:48.0784 4068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
21:20:48.0784 4068 \Device\Harddisk1\DR1:
21:20:48.0784 4068 MBR partitions:
21:20:48.0784 4068 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3EB3E0
21:20:48.0784 4068 ============================================================
21:20:48.0815 4068 C: <-> \Device\Harddisk0\DR0\Partition2
21:20:48.0815 4068 ============================================================
3440 msahci - ok 21:21:21.0045 3440 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:21:21.0045 3440 msdsm - ok 21:21:21.0061 3440 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:21:21.0076 3440 MSDTC - ok 21:21:21.0107 3440 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:21:21.0123 3440 Msfs - ok 21:21:21.0139 3440 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:21:21.0139 3440 mshidkmdf - ok 21:21:21.0185 3440 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:21:21.0185 3440 msisadrv - ok 21:21:21.0263 3440 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:21:21.0373 3440 MSiSCSI - ok 21:21:21.0388 3440 msiserver - ok 21:21:21.0435 3440 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:21:21.0451 3440 MSKSSRV - ok 21:21:21.0513 3440 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:21:21.0513 3440 MSPCLOCK - ok 21:21:21.0513 3440 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:21:21.0513 3440 MSPQM - ok 21:21:21.0544 3440 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:21:21.0560 3440 MsRPC - ok 21:21:21.0591 3440 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:21:21.0591 3440 mssmbios - ok 21:21:21.0591 3440 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:21:21.0607 3440 MSTEE - ok 21:21:21.0607 3440 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:21:21.0607 3440 MTConfig - ok 21:21:21.0638 3440 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:21:21.0638 3440 Mup - ok 21:21:21.0747 3440 [ 582AC6D9873E31DFA28A4547270862DD ] napagent 
C:\Windows\system32\qagentRT.dll 21:21:21.0763 3440 napagent - ok 21:21:21.0841 3440 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:21:21.0841 3440 NativeWifiP - ok 21:21:21.0965 3440 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:21:21.0997 3440 NDIS - ok 21:21:22.0059 3440 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:21:22.0059 3440 NdisCap - ok 21:21:22.0090 3440 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:21:22.0090 3440 NdisTapi - ok 21:21:22.0121 3440 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:21:22.0121 3440 Ndisuio - ok 21:21:22.0168 3440 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:21:22.0184 3440 NdisWan - ok 21:21:22.0231 3440 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:21:22.0231 3440 NDProxy - ok 21:21:22.0449 3440 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 21:21:22.0480 3440 Nero BackItUp Scheduler 4.0 - ok 21:21:22.0543 3440 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 21:21:22.0543 3440 Net Driver HPZ12 - ok 21:21:22.0574 3440 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:21:22.0574 3440 NetBIOS - ok 21:21:22.0605 3440 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:21:22.0621 3440 NetBT - ok 21:21:22.0636 3440 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:21:22.0636 3440 Netlogon - ok 21:21:22.0683 3440 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:21:22.0683 3440 Netman - ok 21:21:22.0714 3440 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 
21:21:22.0714 3440 netprofm - ok 21:21:22.0761 3440 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:21:22.0761 3440 NetTcpPortSharing - ok 21:21:22.0808 3440 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:21:22.0808 3440 nfrd960 - ok 21:21:22.0870 3440 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:21:22.0886 3440 NlaSvc - ok 21:21:23.0089 3440 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 21:21:23.0151 3440 NOBU - ok 21:21:23.0198 3440 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:21:23.0198 3440 Npfs - ok 21:21:23.0245 3440 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:21:23.0245 3440 nsi - ok 21:21:23.0276 3440 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:21:23.0276 3440 nsiproxy - ok 21:21:23.0354 3440 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:21:23.0401 3440 Ntfs - ok 21:21:23.0463 3440 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe 21:21:23.0479 3440 NTI IScheduleSvc - ok 21:21:23.0494 3440 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 21:21:23.0494 3440 NTIDrvr - ok 21:21:23.0572 3440 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:21:23.0572 3440 Null - ok 21:21:23.0635 3440 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:21:23.0635 3440 nvraid - ok 21:21:23.0681 3440 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:21:23.0697 3440 nvstor - ok 21:21:23.0744 3440 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 
21:21:23.0744 3440 nv_agp - ok 21:21:23.0806 3440 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:21:23.0806 3440 ohci1394 - ok 21:21:23.0915 3440 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:21:23.0915 3440 ose - ok 21:21:23.0978 3440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:21:23.0978 3440 p2pimsvc - ok 21:21:24.0009 3440 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:21:24.0025 3440 p2psvc - ok 21:21:24.0040 3440 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:21:24.0040 3440 Parport - ok 21:21:24.0103 3440 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:21:24.0103 3440 partmgr - ok 21:21:24.0149 3440 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:21:24.0165 3440 PcaSvc - ok 21:21:24.0181 3440 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:21:24.0181 3440 pci - ok 21:21:24.0227 3440 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:21:24.0227 3440 pciide - ok 21:21:24.0243 3440 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:21:24.0259 3440 pcmcia - ok 21:21:24.0290 3440 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:21:24.0305 3440 pcw - ok 21:21:24.0399 3440 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:21:24.0399 3440 PEAUTH - ok 21:21:24.0508 3440 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:21:24.0524 3440 PerfHost - ok 21:21:24.0602 3440 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:21:24.0664 3440 pla - ok 21:21:24.0711 3440 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:21:24.0742 3440 
PlugPlay - ok 21:21:24.0789 3440 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 21:21:24.0789 3440 Pml Driver HPZ12 - ok 21:21:24.0805 3440 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:21:24.0820 3440 PNRPAutoReg - ok 21:21:24.0836 3440 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:21:24.0851 3440 PNRPsvc - ok 21:21:24.0976 3440 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:21:24.0992 3440 PolicyAgent - ok 21:21:25.0023 3440 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:21:25.0039 3440 Power - ok 21:21:25.0101 3440 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:21:25.0101 3440 PptpMiniport - ok 21:21:25.0132 3440 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:21:25.0132 3440 Processor - ok 21:21:25.0195 3440 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:21:25.0210 3440 ProfSvc - ok 21:21:25.0226 3440 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:21:25.0226 3440 ProtectedStorage - ok 21:21:25.0273 3440 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:21:25.0273 3440 Psched - ok 21:21:25.0335 3440 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 21:21:25.0335 3440 PxHlpa64 - ok 21:21:25.0382 3440 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:21:25.0429 3440 ql2300 - ok 21:21:25.0491 3440 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:21:25.0491 3440 ql40xx - ok 21:21:25.0553 3440 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:21:25.0569 3440 QWAVE - ok 21:21:25.0585 3440 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv 
C:\Windows\system32\drivers\qwavedrv.sys 21:21:25.0585 3440 QWAVEdrv - ok 21:21:25.0600 3440 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:21:25.0600 3440 RasAcd - ok 21:21:25.0631 3440 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:21:25.0631 3440 RasAgileVpn - ok 21:21:25.0663 3440 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:21:25.0709 3440 RasAuto - ok 21:21:25.0741 3440 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:21:25.0741 3440 Rasl2tp - ok 21:21:25.0787 3440 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:21:25.0803 3440 RasMan - ok 21:21:25.0834 3440 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:21:25.0834 3440 RasPppoe - ok 21:21:25.0850 3440 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:21:25.0850 3440 RasSstp - ok 21:21:25.0897 3440 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:21:25.0912 3440 rdbss - ok 21:21:25.0959 3440 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:21:25.0959 3440 rdpbus - ok 21:21:25.0975 3440 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:21:25.0990 3440 RDPCDD - ok 21:21:26.0006 3440 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:21:26.0021 3440 RDPENCDD - ok 21:21:26.0037 3440 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:21:26.0037 3440 RDPREFMP - ok 21:21:26.0099 3440 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:21:26.0099 3440 RDPWD - ok 21:21:26.0193 3440 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:21:26.0193 3440 rdyboost - ok 21:21:26.0255 3440 [ 
254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:21:26.0349 3440 RemoteAccess - ok 21:21:26.0411 3440 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:21:26.0474 3440 RemoteRegistry - ok 21:21:26.0489 3440 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:21:26.0505 3440 RpcEptMapper - ok 21:21:26.0583 3440 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:21:26.0599 3440 RpcLocator - ok 21:21:26.0630 3440 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:21:26.0630 3440 RpcSs - ok 21:21:26.0661 3440 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:21:26.0661 3440 rspndr - ok 21:21:26.0677 3440 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:21:26.0692 3440 SamSs - ok 21:21:26.0739 3440 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:21:26.0739 3440 sbp2port - ok 21:21:26.0786 3440 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:21:26.0895 3440 SCardSvr - ok 21:21:26.0957 3440 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:21:26.0957 3440 scfilter - ok 21:21:27.0035 3440 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:21:27.0160 3440 Schedule - ok 21:21:27.0223 3440 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:21:27.0223 3440 SCPolicySvc - ok 21:21:27.0269 3440 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:21:27.0332 3440 SDRSVC - ok 21:21:27.0363 3440 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:21:27.0363 3440 secdrv - ok 21:21:27.0379 3440 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:21:27.0425 3440 seclogon - ok 21:21:27.0472 3440 [ 
C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:21:27.0488 3440 SENS - ok 21:21:27.0488 3440 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:21:27.0503 3440 SensrSvc - ok 21:21:27.0519 3440 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:21:27.0519 3440 Serenum - ok 21:21:27.0550 3440 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:21:27.0566 3440 Serial - ok 21:21:27.0597 3440 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:21:27.0597 3440 sermouse - ok 21:21:27.0659 3440 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:21:27.0675 3440 SessionEnv - ok 21:21:27.0722 3440 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:21:27.0722 3440 sffdisk - ok 21:21:27.0753 3440 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:21:27.0753 3440 sffp_mmc - ok 21:21:27.0784 3440 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:21:27.0784 3440 sffp_sd - ok 21:21:27.0815 3440 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:21:27.0815 3440 sfloppy - ok 21:21:27.0893 3440 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:21:27.0987 3440 SharedAccess - ok 21:21:28.0065 3440 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:21:28.0127 3440 ShellHWDetection - ok 21:21:28.0159 3440 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:21:28.0159 3440 SiSRaid2 - ok 21:21:28.0205 3440 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:21:28.0205 3440 SiSRaid4 - ok 21:21:28.0268 3440 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:21:28.0268 3440 Smb 
- ok 21:21:28.0330 3440 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:21:28.0346 3440 SNMPTRAP - ok 21:21:28.0377 3440 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:21:28.0377 3440 spldr - ok 21:21:28.0424 3440 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:21:28.0439 3440 Spooler - ok 21:21:28.0705 3440 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:21:28.0767 3440 sppsvc - ok 21:21:28.0783 3440 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:21:28.0798 3440 sppuinotify - ok 21:21:28.0845 3440 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:21:28.0845 3440 srv - ok 21:21:28.0892 3440 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:21:28.0892 3440 srv2 - ok 21:21:28.0907 3440 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:21:28.0907 3440 srvnet - ok 21:21:28.0970 3440 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:21:29.0188 3440 SSDPSRV - ok 21:21:29.0204 3440 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:21:29.0251 3440 SstpSvc - ok 21:21:29.0266 3440 ssudmdm - ok 21:21:29.0297 3440 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:21:29.0297 3440 stexstor - ok 21:21:29.0375 3440 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:21:29.0469 3440 stisvc - ok 21:21:29.0531 3440 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:21:29.0531 3440 swenum - ok 21:21:29.0578 3440 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:21:29.0656 3440 swprv - ok 21:21:29.0734 3440 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:21:29.0734 3440 SynTP - ok 21:21:29.0828 
3440 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:21:29.0859 3440 SysMain - ok 21:21:29.0906 3440 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:21:29.0921 3440 TabletInputService - ok 21:21:29.0953 3440 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:21:29.0968 3440 TapiSrv - ok 21:21:30.0015 3440 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:21:30.0015 3440 TBS - ok 21:21:30.0171 3440 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:21:30.0249 3440 Tcpip - ok 21:21:30.0296 3440 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:21:30.0311 3440 TCPIP6 - ok 21:21:30.0374 3440 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:21:30.0374 3440 tcpipreg - ok 21:21:30.0436 3440 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:21:30.0436 3440 TDPIPE - ok 21:21:30.0483 3440 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:21:30.0483 3440 TDTCP - ok 21:21:30.0545 3440 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:21:30.0545 3440 tdx - ok 21:21:30.0592 3440 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:21:30.0592 3440 TermDD - ok 21:21:30.0655 3440 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:21:30.0717 3440 TermService - ok 21:21:30.0733 3440 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:21:30.0748 3440 Themes - ok 21:21:30.0764 3440 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:21:30.0764 3440 THREADORDER - ok 21:21:30.0779 3440 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:21:30.0779 3440 TrkWks - ok 21:21:30.0873 3440 [ 
773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:21:30.0889 3440 TrustedInstaller - ok 21:21:30.0920 3440 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:21:30.0920 3440 tssecsrv - ok 21:21:30.0967 3440 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:21:30.0967 3440 TsUsbFlt - ok 21:21:31.0029 3440 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:21:31.0045 3440 tunnel - ok 21:21:31.0076 3440 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:21:31.0076 3440 uagp35 - ok 21:21:31.0123 3440 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 21:21:31.0123 3440 UBHelper - ok 21:21:31.0247 3440 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:21:31.0310 3440 udfs - ok 21:21:31.0341 3440 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:21:31.0357 3440 UI0Detect - ok 21:21:31.0388 3440 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:21:31.0388 3440 uliagpkx - ok 21:21:31.0466 3440 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 21:21:31.0466 3440 umbus - ok 21:21:31.0497 3440 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:21:31.0497 3440 UmPass - ok 21:21:31.0700 3440 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:21:31.0731 3440 UNS - ok 21:21:31.0871 3440 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe 21:21:31.0871 3440 Updater Service - ok 21:21:31.0934 3440 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:21:31.0965 3440 upnphost - ok 21:21:32.0027 3440 [ 
6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:21:32.0027 3440 usbccgp - ok 21:21:32.0074 3440 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:21:32.0074 3440 usbcir - ok 21:21:32.0105 3440 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 21:21:32.0105 3440 usbehci - ok 21:21:32.0137 3440 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:21:32.0137 3440 usbhub - ok 21:21:32.0168 3440 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:21:32.0168 3440 usbohci - ok 21:21:32.0215 3440 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:21:32.0215 3440 usbprint - ok 21:21:32.0246 3440 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:21:32.0246 3440 usbscan - ok 21:21:32.0261 3440 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:21:32.0261 3440 USBSTOR - ok 21:21:32.0308 3440 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:21:32.0308 3440 usbuhci - ok 21:21:32.0371 3440 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 21:21:32.0371 3440 usbvideo - ok 21:21:32.0402 3440 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:21:32.0417 3440 UxSms - ok 21:21:32.0433 3440 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:21:32.0449 3440 VaultSvc - ok 21:21:32.0480 3440 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:21:32.0480 3440 vdrvroot - ok 21:21:32.0527 3440 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:21:32.0558 3440 vds - ok 21:21:32.0573 3440 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:21:32.0573 3440 vga - ok 21:21:32.0605 3440 [ 
53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:21:32.0605 3440 VgaSave - ok 21:21:32.0683 3440 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:21:32.0683 3440 vhdmp - ok 21:21:32.0776 3440 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:21:32.0776 3440 viaide - ok 21:21:32.0792 3440 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:21:32.0792 3440 volmgr - ok 21:21:32.0839 3440 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:21:32.0839 3440 volmgrx - ok 21:21:32.0885 3440 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:21:32.0885 3440 volsnap - ok 21:21:32.0917 3440 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:21:32.0932 3440 vsmraid - ok 21:21:33.0010 3440 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:21:33.0057 3440 VSS - ok 21:21:33.0088 3440 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:21:33.0088 3440 vwifibus - ok 21:21:33.0104 3440 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:21:33.0104 3440 vwififlt - ok 21:21:33.0151 3440 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:21:33.0182 3440 W32Time - ok 21:21:33.0213 3440 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:21:33.0213 3440 WacomPen - ok 21:21:33.0275 3440 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:21:33.0275 3440 WANARP - ok 21:21:33.0291 3440 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:21:33.0291 3440 Wanarpv6 - ok 21:21:33.0369 3440 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:21:33.0416 3440 wbengine - ok 21:21:33.0447 3440 [ 
3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:21:33.0447 3440 WbioSrvc - ok 21:21:33.0494 3440 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:21:33.0509 3440 wcncsvc - ok 21:21:33.0525 3440 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:21:33.0572 3440 WcsPlugInService - ok 21:21:33.0634 3440 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:21:33.0634 3440 Wd - ok 21:21:33.0697 3440 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:21:33.0712 3440 Wdf01000 - ok 21:21:33.0728 3440 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:21:33.0806 3440 WdiServiceHost - ok 21:21:33.0806 3440 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:21:33.0806 3440 WdiSystemHost - ok 21:21:33.0853 3440 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:21:33.0868 3440 WebClient - ok 21:21:33.0899 3440 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:21:33.0915 3440 Wecsvc - ok 21:21:33.0931 3440 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:21:33.0931 3440 wercplsupport - ok 21:21:33.0962 3440 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:21:33.0977 3440 WerSvc - ok 21:21:34.0024 3440 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:21:34.0024 3440 WfpLwf - ok 21:21:34.0040 3440 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:21:34.0040 3440 WIMMount - ok 21:21:34.0071 3440 WinDefend - ok 21:21:34.0087 3440 WinHttpAutoProxySvc - ok 21:21:34.0180 3440 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:21:34.0211 3440 Winmgmt - ok 21:21:34.0321 3440 [ BCB1310604AA415C4508708975B3931E ] WinRM 
C:\Windows\system32\WsmSvc.dll 21:21:34.0383 3440 WinRM - ok 21:21:34.0445 3440 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:21:34.0445 3440 WinUsb - ok 21:21:34.0523 3440 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:21:34.0539 3440 Wlansvc - ok 21:21:34.0586 3440 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:21:34.0586 3440 WmiAcpi - ok 21:21:34.0617 3440 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:21:34.0633 3440 wmiApSrv - ok 21:21:34.0664 3440 WMPNetworkSvc - ok 21:21:34.0711 3440 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:21:34.0773 3440 WPCSvc - ok 21:21:34.0820 3440 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:21:34.0882 3440 WPDBusEnum - ok 21:21:34.0960 3440 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:21:34.0960 3440 ws2ifsl - ok 21:21:34.0991 3440 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:21:35.0054 3440 wscsvc - ok 21:21:35.0069 3440 WSearch - ok 21:21:35.0194 3440 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:21:35.0241 3440 wuauserv - ok 21:21:35.0272 3440 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:21:35.0272 3440 WudfPf - ok 21:21:35.0366 3440 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:21:35.0366 3440 WUDFRd - ok 21:21:35.0444 3440 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:21:35.0444 3440 wudfsvc - ok 21:21:35.0475 3440 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:21:35.0491 3440 WwanSvc - ok 21:21:35.0506 3440 ================ Scan global =============================== 21:21:35.0537 3440 [ BA0CD8C393E8C9F83354106093832C7B ] 
C:\Windows\system32\basesrv.dll 21:21:35.0600 3440 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:21:35.0615 3440 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:21:35.0662 3440 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:21:35.0709 3440 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:21:35.0740 3440 [Global] - ok 21:21:35.0740 3440 ================ Scan MBR ================================== 21:21:35.0771 3440 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:21:36.0380 3440 \Device\Harddisk0\DR0 - ok 21:21:36.0380 3440 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1 21:21:38.0314 3440 \Device\Harddisk1\DR1 - ok 21:21:38.0314 3440 ================ Scan VBR ================================== 21:21:38.0314 3440 [ EBE9BE87BFD9D6474AEADD5D4E977EAD ] \Device\Harddisk0\DR0\Partition1 21:21:38.0330 3440 \Device\Harddisk0\DR0\Partition1 - ok 21:21:38.0345 3440 [ B17DB1DA77E82DEB12AC8E5A355F2C3C ] \Device\Harddisk0\DR0\Partition2 21:21:38.0345 3440 \Device\Harddisk0\DR0\Partition2 - ok 21:21:38.0345 3440 [ 33555DD44ED748DF3C2CDE891A90AFBA ] \Device\Harddisk1\DR1\Partition1 21:21:38.0345 3440 \Device\Harddisk1\DR1\Partition1 - ok 21:21:38.0361 3440 ============================================================ 21:21:38.0361 3440 Scan finished 21:21:38.0361 3440 ============================================================ 21:21:38.0377 3784 Detected object count: 0 21:21:38.0377 3784 Actual detected object count: 0 DDS Logfile: Code:
and DDS Attach: Code:
Best regards
Karre |
09.03.2013, 23:15 | #4 |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970
In principle that is conceivable, but rather unlikely if you are only copying data.
Step 1: (Reminder: do not reply to me until you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and remove adware. Please download AdwCleaner to your desktop.
Step 3: Delete temporary files with TFC
Step 4: Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
10.03.2013, 14:04 | #5 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970
Hello Ryder. Unfortunately I am not getting anywhere with your instructions at the moment. My laptop is now acting up so badly that it already shows "not responding" in Windows Explorer, or at the latest gives up during the attempted uninstallation of the toolbar (it then asks me to close all Internet browsers before the uninstallation can finish, although none are open). How should I proceed now? Would completely reformatting the laptop make sense?
Many questioning greetings from Franconia to Franconia
Karre
Edited by Karre (10.03.2013 at 14:07). Reason: one of the problems described has been resolved |
10.03.2013, 14:17 | #6 |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970
That can always make sense. We can also carry on with an alternative approach first.
Scan with Farbar's Recovery Scan Tool
__________________ --> TR/Matsnu.A.85 TR/PSW.Zbot.1970 |
10.03.2013, 14:52 | #7 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970
Hello Ryder, here is FRST.txt: Code:
KG) 2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110816 2013-03-08] (Avira Operations GmbH & Co. KG) 2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated) 3 GameConsoleService; "C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.) 2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [235216 2013-02-05] (McAfee, Inc.) 2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation) 2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.) 2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group) 3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [x] ==================== Drivers (Whitelisted) ===================== 2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [99912 2013-03-08] (Avira Operations GmbH & Co. KG) 1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [129216 2013-03-08] (Avira Operations GmbH & Co. KG) 1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27800 2013-03-08] (Avira Operations GmbH & Co. 
KG) 3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-03-09 12:23 - 2013-03-09 12:23 - 00022221 ____A C:\Users\Karre\Desktop\dds.txt 2013-03-09 12:23 - 2013-03-09 12:23 - 00007816 ____A C:\Users\Karre\Desktop\attach.txt 2013-03-09 12:22 - 2013-03-09 12:03 - 00700783 ____R (Swearware) C:\Users\Karre\Desktop\dds+.exe 2013-03-09 12:20 - 2013-03-09 12:03 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Karre\Desktop\tdsskiller.exe 2013-03-09 12:15 - 2013-03-09 12:04 - 04732416 ____A (AVAST Software) C:\Users\Karre\Desktop\aswMBR.exe 2013-03-09 10:27 - 2013-03-09 10:27 - 00000000 ____A C:\Users\Karre\defogger_reenable 2013-03-09 02:22 - 2013-03-09 02:21 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-03-09 02:21 - 2013-03-09 02:21 - 00000000 ____D C:\Program Files (x86)\Java 2013-03-09 01:57 - 2013-03-09 02:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-03-09 01:57 - 2013-03-09 02:14 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-03-09 01:57 - 2013-03-09 02:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-03-09 01:52 - 2013-03-09 01:52 - 20427472 ____A (Mozilla) C:\Users\Karre\Downloads\Firefox_Setup_19.0.2.exe 2013-03-08 03:40 - 2013-03-10 05:36 - 00000000 ___HD C:\Users\Karre\AppData\Roaming\9D65552A 2013-03-08 03:40 - 2013-03-10 04:29 - 00089088 ____A (Exiland Software) C:\Users\Karre\AppData\Roaming\KB00845595.exe 2013-03-08 03:20 - 2013-03-10 05:00 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Iczuwy 2013-03-08 03:20 - 
2013-03-09 02:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Duray 2013-03-08 03:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Feulat 2013-03-08 03:07 - 2013-03-08 03:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Avira 2013-03-08 03:01 - 2013-03-08 03:01 - 00002006 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\ProgramData\Avira 2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\Program Files (x86)\Avira 2013-03-08 03:01 - 2013-03-08 02:54 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-03-08 03:01 - 2013-03-08 02:54 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-03-08 03:01 - 2013-03-08 02:54 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-03-08 02:51 - 2013-03-08 02:51 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus (1).exe 2013-03-08 01:17 - 2013-03-08 01:17 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus.exe 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ysoh 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Vyacbo 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ubha 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Woxu 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Unsy 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Exfe 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Veyr 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lyfy 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lavih 2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Inbumu 
2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Igycva 2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Eqfe 2013-02-26 02:08 - 2013-02-26 02:45 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\Documents\samsung 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Samsung 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Local\Samsung 2013-02-26 02:00 - 2013-02-05 08:53 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2013-02-26 02:00 - 2013-02-05 08:52 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll 2013-02-26 01:59 - 2013-02-26 07:15 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-02-26 01:59 - 2013-02-26 02:06 - 00000000 ____D C:\ProgramData\Samsung 2013-02-26 01:51 - 2013-02-26 01:51 - 00000000 ____D C:\Users\Karre\AppData\Local\Downloaded Installations 2013-02-26 01:46 - 2013-02-26 01:46 - 00393048 ____A (Softonic ) C:\Users\Karre\Downloads\SoftonicDownloader_fuer_samsung-kies.exe 2013-02-26 01:04 - 2013-03-08 01:10 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hiamib 2013-02-26 01:04 - 2013-03-07 01:32 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Cesi 2013-02-26 01:04 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hapun 2013-02-25 10:13 - 2013-02-25 10:13 - 00000000 ____D C:\Windows\Sun 2013-02-14 02:13 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-02-14 02:13 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-02-14 02:13 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-02-14 02:13 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) 
C:\Windows\System32\wininet.dll 2013-02-14 02:13 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-02-14 02:13 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-02-14 02:13 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-02-14 02:13 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-02-14 02:13 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-02-14 02:13 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-02-14 02:13 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-02-14 02:13 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-02-14 02:13 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-02-14 02:13 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-02-14 02:13 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-02-14 02:13 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-02-14 02:13 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-02-14 02:13 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-02-14 02:13 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-02-14 02:13 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-02-14 02:13 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-02-14 02:13 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-02-14 
02:13 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-02-14 02:13 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-02-14 02:13 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-02-14 02:13 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-02-14 02:13 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-02-14 02:13 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-02-14 02:13 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-02-14 02:13 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-02-14 02:13 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-02-14 02:13 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-02-14 01:33 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-02-14 01:33 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-02-14 01:33 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-02-14 01:33 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-02-14 01:33 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-02-14 01:33 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-14 01:33 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-02-14 01:33 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-02-14 01:33 - 2013-01-03 18:47 - 00007680 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-02-14 01:33 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-02-14 01:33 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-02-14 01:33 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 1376-546-00 63031:16384 - 1687-06-26 20:36 - 00248832 ____N (?????????? ??????????) C:\Users\Karre\AppData\Roaming\logonqu.exe ==================== One Month Modified Files and Folders ======= 2013-03-10 05:39 - 2011-01-13 02:35 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-03-10 05:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-03-10 05:39 - 2009-07-13 20:51 - 00110441 ____A C:\Windows\setupact.log 2013-03-10 05:39 - 2009-07-13 20:45 - 00017376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-03-10 05:39 - 2009-07-13 20:45 - 00017376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-03-10 05:38 - 2010-11-10 21:41 - 02041239 ____A C:\Windows\WindowsUpdate.log 2013-03-10 05:36 - 2013-03-08 03:40 - 00000000 ___HD C:\Users\Karre\AppData\Roaming\9D65552A 2013-03-10 05:09 - 2010-11-11 06:30 - 00654400 ____A C:\Windows\System32\perfh007.dat 2013-03-10 05:09 - 2010-11-11 06:30 - 00130240 ____A C:\Windows\System32\perfc007.dat 2013-03-10 05:09 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-03-10 05:04 - 2011-01-13 10:57 - 00000000 ____D C:\Users\Karre\Documents\Bewerbungen 2013-03-10 05:00 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Iczuwy 2013-03-10 04:41 - 2011-01-13 02:35 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-03-10 04:29 - 2013-03-08 03:40 - 00089088 ____A (Exiland Software) C:\Users\Karre\AppData\Roaming\KB00845595.exe 2013-03-09 
12:23 - 2013-03-09 12:23 - 00022221 ____A C:\Users\Karre\Desktop\dds.txt 2013-03-09 12:23 - 2013-03-09 12:23 - 00007816 ____A C:\Users\Karre\Desktop\attach.txt 2013-03-09 12:04 - 2013-03-09 12:15 - 04732416 ____A (AVAST Software) C:\Users\Karre\Desktop\aswMBR.exe 2013-03-09 12:03 - 2013-03-09 12:22 - 00700783 ____R (Swearware) C:\Users\Karre\Desktop\dds+.exe 2013-03-09 12:03 - 2013-03-09 12:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Karre\Desktop\tdsskiller.exe 2013-03-09 11:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-03-09 10:27 - 2013-03-09 10:27 - 00000000 ____A C:\Users\Karre\defogger_reenable 2013-03-09 10:27 - 2011-01-07 04:07 - 00000000 ____D C:\users\Karre 2013-03-09 02:27 - 2013-03-09 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-03-09 02:21 - 2013-03-09 02:22 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-03-09 02:21 - 2013-03-09 02:21 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-03-09 02:21 - 2013-03-09 02:21 - 00000000 ____D C:\Program Files (x86)\Java 2013-03-09 02:21 - 2012-07-13 03:22 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-03-09 02:21 - 2012-07-13 03:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-03-09 02:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Duray 2013-03-09 02:14 - 2013-03-09 01:57 - 00001163 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-03-09 02:14 - 2013-03-09 01:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-03-09 01:52 - 2013-03-09 01:52 - 20427472 ____A (Mozilla) C:\Users\Karre\Downloads\Firefox_Setup_19.0.2.exe 2013-03-09 01:17 - 2011-01-07 04:07 - 00000000 ____D 
C:\Users\Karre\AppData\Local\VirtualStore 2013-03-08 03:20 - 2013-03-08 03:20 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Feulat 2013-03-08 03:08 - 2011-06-07 01:07 - 00197168 ____A C:\Windows\PFRO.log 2013-03-08 03:07 - 2013-03-08 03:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Avira 2013-03-08 03:07 - 2010-09-07 19:06 - 00000000 ____D C:\ProgramData\Norton 2013-03-08 03:01 - 2013-03-08 03:01 - 00002006 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\ProgramData\Avira 2013-03-08 03:01 - 2013-03-08 03:01 - 00000000 ____D C:\Program Files (x86)\Avira 2013-03-08 02:54 - 2013-03-08 03:01 - 00129216 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-03-08 02:54 - 2013-03-08 03:01 - 00099912 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-03-08 02:54 - 2013-03-08 03:01 - 00027800 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-03-08 02:51 - 2013-03-08 02:51 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus (1).exe 2013-03-08 01:17 - 2013-03-08 01:17 - 02086240 ____A C:\Users\Karre\Downloads\avira_free_antivirus.exe 2013-03-08 01:10 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hiamib 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ysoh 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Vyacbo 2013-03-08 01:07 - 2013-03-08 01:07 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Ubha 2013-03-07 01:32 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Cesi 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Woxu 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Unsy 2013-03-07 01:17 - 2013-03-07 01:17 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Exfe 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D 
C:\Users\Karre\AppData\Roaming\Veyr 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lyfy 2013-03-07 01:06 - 2013-03-07 01:06 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Lavih 2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Inbumu 2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Igycva 2013-03-06 00:51 - 2013-03-06 00:51 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Eqfe 2013-03-05 01:44 - 2011-01-13 02:37 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-02-26 07:15 - 2013-02-26 01:59 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-02-26 02:45 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\Documents\samsung 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Samsung 2013-02-26 02:08 - 2013-02-26 02:08 - 00000000 ____D C:\Users\Karre\AppData\Local\Samsung 2013-02-26 02:06 - 2013-02-26 01:59 - 00000000 ____D C:\ProgramData\Samsung 2013-02-26 02:00 - 2010-09-07 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-02-26 01:51 - 2013-02-26 01:51 - 00000000 ____D C:\Users\Karre\AppData\Local\Downloaded Installations 2013-02-26 01:46 - 2013-02-26 01:46 - 00393048 ____A (Softonic ) C:\Users\Karre\Downloads\SoftonicDownloader_fuer_samsung-kies.exe 2013-02-26 01:04 - 2013-02-26 01:04 - 00000000 ____D C:\Users\Karre\AppData\Roaming\Hapun 2013-02-25 10:13 - 2013-02-25 10:13 - 00000000 ____D C:\Windows\Sun 2013-02-24 02:05 - 2012-04-24 06:55 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-02-24 02:05 - 2012-04-24 06:55 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-02-24 02:04 - 2010-09-07 19:05 - 00000000 ____D 
C:\ProgramData\Adobe 2013-02-15 06:47 - 2009-07-13 20:45 - 00367248 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-14 02:22 - 2009-07-13 18:34 - 00000534 ____A C:\Windows\win.ini 2013-02-14 02:18 - 2011-02-21 08:52 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-02-10 01:11 - 2012-11-21 00:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan 2013-02-09 01:05 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-25 06:21:41 Restore point made on: 2013-02-26 00:57:33 Restore point made on: 2013-02-26 01:59:31 Restore point made on: 2013-03-02 01:32:17 Restore point made on: 2013-03-05 01:45:30 Restore point made on: 2013-03-08 01:06:59 Restore point made on: 2013-03-08 01:07:06 Restore point made on: 2013-03-08 02:16:21 Restore point made on: 2013-03-08 02:28:54 Restore point made on: 2013-03-09 01:23:31 Restore point made on: 2013-03-09 02:21:11 Restore point made on: 2013-03-10 04:59:01 Restore point made on: 
2013-03-10 04:59:16 Restore point made on: 2013-03-10 04:59:43 Restore point made on: 2013-03-10 05:30:10 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 3956.5 MB Available physical RAM: 3246.79 MB Total Pagefile: 3954.64 MB Available Pagefile: 3238.52 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:398.54 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:0.87 GB) NTFS 4 Drive g: () (Removable) (Total:1.96 GB) (Free:1.17 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 465 GB 0 B Datentr„ger 1 Online 2006 MB 0 B Partitions of Disk 0: =============== Datentr„ger-ID: 4FFE4FFE Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Wiederherstellun 12 GB 1024 KB Partition 2 Prim„r 100 MB 12 GB Partition 3 Prim„r 452 GB 12 GB ================================================================================== Disk: 0 Partition 1 Typ : 27 Versteckt: Ja Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 12 GB Fehlerfre Versteck ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Fehlerfre ========================================================= Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst 
Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Packard Bel NTFS Partition 452 GB Fehlerfre ========================================================= Partitions of Disk 1: =============== Datentr„ger-ID: 005B7DEF Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 2006 MB 16 KB ================================================================================== Disk: 1 Partition 1 Typ : 06 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G FAT Wechselmed 2006 MB Fehlerfre ========================================================= ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: 4FFE4FFE Partition 1: =========== Hex: 0020210027FEFFFF0008000000409601 Active: NO Type: 27 Size: 13 GB Partition 2: =========== Hex: 80FEFFFF07FEFFFF0048960100200300 Active: YES Type: 07 (NTFS) Size: 100 MB Partition 3: =========== Hex: 00FEFFFF07FEFFFF0068990130F09E38 Active: NO Type: 07 (NTFS) Size: 453 GB ============================== Partitions of Disk 1: =============== Disk ID: 005B7DEF Partition 1: =========== Hex: 800101000601FFFF20000000E0B33E00 Active: YES Type: 06 Size: 2 GB Last Boot: 2013-03-09 11:00 ==================== End Of Log ============================= Karre |
10.03.2013, 15:13 | #8 |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970 Good grief! I've never seen anything like it, so full of malware ... my respects ... Fix with FRST
Report whether you can now carry out the other steps.
__________________ Digital privateers against malware! No help via PM! |
10.03.2013, 15:40 | #9 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970 Thank you, thank you for the compliment, I really tried very hard. Here is the Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013
Ran by SYSTEM at 2013-03-10 15:37:54 Run:1
Running from G:\
==============================================
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\winva Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\logonqu Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\KB00845595.exe Value deleted successfully.
HKEY_USERS\Karre\Software\Microsoft\Windows\CurrentVersion\Run\\Iduqirvi Value deleted successfully.
C:\Users\Karre\AppData\Roaming\Iczuwy moved successfully.
C:\Users\Karre\AppData\Roaming\Duray moved successfully.
C:\Users\Karre\AppData\Roaming\KB00845595.exe moved successfully.
C:\Users\Karre\AppData\Roaming\logonqu.exe moved successfully.
C:\Users\Karre\AppData\Roaming\winva.exe not found.
C:\Users\Karre\AppData\Roaming\Ysoh moved successfully.
C:\Users\Karre\AppData\Roaming\Vyacbo moved successfully.
C:\Users\Karre\AppData\Roaming\Ubha moved successfully.
C:\Users\Karre\AppData\Roaming\Woxu moved successfully.
C:\Users\Karre\AppData\Roaming\Unsy moved successfully.
C:\Users\Karre\AppData\Roaming\Exfe moved successfully.
C:\Users\Karre\AppData\Roaming\Veyr moved successfully.
C:\Users\Karre\AppData\Roaming\Lyfy moved successfully.
C:\Users\Karre\AppData\Roaming\Lavih moved successfully.
C:\Users\Karre\AppData\Roaming\Inbumu moved successfully.
C:\Users\Karre\AppData\Roaming\Igycva moved successfully.
C:\Users\Karre\AppData\Roaming\Eqfe moved successfully.
C:\Users\Karre\AppData\Roaming\Hiamib moved successfully.
C:\Users\Karre\AppData\Roaming\Cesi moved successfully.
C:\Users\Karre\AppData\Roaming\Hapun moved successfully.
==== End of Fixlog ====
|
10.03.2013, 15:54 | #10 | |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970 Quote:
|
10.03.2013, 16:10 | #11 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970 Sorry, I had overlooked the last sentence. So: I have uninstalled the Ask Toolbar and Bing Bar; I don't see any downloaders. No cleaners either. McAfee is uninstalled. Of Java I have Java 7 Update 17 and Java FX 2.1.1. Should those be removed too? I don't have any of the remaining programs. Regards |
10.03.2013, 16:15 | #12 |
/// TB Trainer | TR/Matsnu.A.85 TR/PSW.Zbot.1970 No, those stay. Then let's continue.
|
10.03.2013, 16:52 | #13 |
| TR/Matsnu.A.85 TR/PSW.Zbot.1970 Right. AdwCleaner: Code:
# AdwCleaner v2.114 - Datei am 10/03/2013 um 16:17:38 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Karre - KARRE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karre\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\prefs.js
C:\Users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\Karre\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [2189 octets] - [10/03/2013 16:17:38]
########## EOF - C:\AdwCleaner[S1].txt - [2249 octets] ##########
Code:
ComboFix 13-03-10.02 - Karre 10.03.2013 16:42:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2749 [GMT 1:00]
ausgeführt von:: c:\users\Karre\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-10 bis 2013-03-10 ))))))))))))))))))))))))))))))
.
.
2013-03-10 22:50 . 2013-03-10 22:50 -------- d-----w- C:\FRST
2013-03-10 15:47 . 2013-03-10 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-09 09:57 . 2013-03-09 10:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-09 09:23 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B1B255-B273-4A25-94C7-766BE6499D1E}\mpengine.dll
2013-03-08 11:40 . 2013-03-10 13:36 -------- d--h--w- c:\users\Karre\AppData\Roaming\9D65552A
2013-03-08 11:20 . 2013-03-08 11:20 -------- d-----w- c:\users\Karre\AppData\Roaming\Feulat
2013-03-08 11:07 . 2013-03-08 11:07 -------- d-----w- c:\users\Karre\AppData\Roaming\Avira
2013-03-08 11:01 . 2013-03-08 10:54 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-08 11:01 . 2013-03-08 10:54 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-08 11:01 . 2013-03-08 10:54 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-08 11:01 . 2013-03-08 11:01 -------- d-----w- c:\programdata\Avira
2013-03-08 11:01 . 2013-03-08 11:01 -------- d-----w- c:\program files (x86)\Avira
2013-02-26 10:08 . 2013-02-26 10:08 -------- d-----w- c:\users\Karre\AppData\Local\Samsung
2013-02-26 10:08 . 2013-02-26 10:08 -------- d-----w- c:\users\Karre\AppData\Roaming\Samsung
2013-02-26 10:00 . 2013-02-05 16:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2013-02-26 10:00 . 2013-02-05 16:52 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2013-02-26 09:59 . 2013-02-26 15:15 -------- d-----w- c:\program files (x86)\Samsung
2013-02-26 09:59 . 2013-02-26 10:06 -------- d-----w- c:\programdata\Samsung
2013-02-26 09:51 . 2013-02-26 09:51 -------- d-----w- c:\users\Karre\AppData\Local\Downloaded Installations
2013-02-25 18:13 . 2013-02-25 18:13 -------- d-----w- c:\windows\Sun
2013-02-14 10:14 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:14 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 09:33 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 09:33 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 09:33 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 09:33 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 09:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 09:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 09:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 09:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 09:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 09:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 09:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 09:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-09 10:21 . 2012-07-13 11:22 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 10:21 . 2012-07-13 11:22 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-24 10:05 . 2012-04-24 14:55 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 10:05 . 2012-04-24 14:55 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 10:18 . 2011-02-21 16:52 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-05 16:52 . 2013-02-05 16:52 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2013-01-17 00:28 . 2011-01-08 16:26 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 09:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 10:13 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 10:13 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-15 600688]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-08 385248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office OneNote 2003 Schnellstart.lnk - c:\program files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-08 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-08 86752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 09:42 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 10:35]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 10:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Karre\AppData\Roaming\Mozilla\Firefox\Profiles\sy8aeltw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF - ExtSQL: !HIDDEN! 2011-01-08 18:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-10 16:49:36
ComboFix-quarantined-files.txt 2013-03-10 15:49
.
Vor Suchlauf: 9 Verzeichnis(se), 429.411.635.200 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 429.033.213.952 Bytes frei
.
- - End Of File - - 6A6884E980C3FC3653A55F522DA64BA1
|
10.03.2013, 17:01 | #14 |
/// TB Instructor | TR/Matsnu.A.85 TR/PSW.Zbot.1970 Good! As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks, and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really completed everything, or if problems occur.
Step 1: Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
Step 2:
Note: The scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck
Please download SecurityCheck and:
Alternative link: SecurityCheck Download
__________________ Digital privateers against malware! No help via PM! |
12.03.2013, 15:42 | #15 |
/// TB Instructor | TR/Matsnu.A.85 TR/PSW.Zbot.1970 Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is clean yet.
__________________ Digital privateers against malware! No help via PM! |