
Pests of all kinds and how to fight them: EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes

26.03.2013, 12:01   #1
JVG



Dear Trojaner-Board members,

my girlfriend brought me back a toiletry bag full of moustaches from her vacation, along with her virus-infested laptop. I could use some help!

I had a look around here and found the two threads below, which sound similar. But the solutions are very different, so it probably makes sense to start a new post.

http://www.trojaner-board.de/124660-...8-5353-aj.html

http://www.trojaner-board.de/123997-...r-langsam.html



First I scanned with Free Antivir:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. März 2013  07:53

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Abgesicherter Modus
Benutzername   : Fr Fee
Computername   : FRFEE-PC


Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert



Beginn des Suchlaufs: Dienstag, 26. März 2013  07:53

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht



Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2968' Dateien ).





Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Users\Fr Fee\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
        [1] Archivtyp: Runtime Packed
      --> C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
          [2] Archivtyp: ZIP
        --> l_t_a/a2.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/l_t_e.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BK
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/l_t_a.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/Blacole.FU.5
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/F.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.335
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/l_t_b.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.ED
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/l_t_d.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> l_t_a/l_t_c.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56adcf74.qua' verschoben!





Ende des Suchlaufs: Dienstag, 26. März 2013  08:48
Benötigte Zeit: 54:19 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  25646 Verzeichnisse wurden überprüft
 273773 Dateien wurden geprüft
      8 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 273765 Dateien ohne Befall
   3983 Archive wurden durchsucht
      7 Warnungen
      1 Hinweise
         
Then Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.25.10

Windows 7 Service Pack 1 x86 FAT32 (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [Administrator]

Schutz: Deaktiviert

26.03.2013 08:56:36
MBAM-log-2013-03-26 (09-46-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328231
Laufzeit: 42 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8B6E56F1-F72F-CA33-A75E-CBBC34E38F76} (Trojan.Ransom.ED) -> Daten: "C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe" -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\frfee~1\dxahap.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom.ED) -> Bösartig: (c:\users\frfee~1\dxahap.exe) Gut: () -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxahap.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxqmhhr.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxygpfj.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.

(Ende)
         
I couldn't figure out how to move the files into quarantine, so for now I simply haven't done anything with them.

The remaining log files are in the zip file.

I very much hope you can do something with this and am grateful for any help!
Best regards,
John

Edited by JVG (26.03.2013 at 12:25)

26.03.2013, 12:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Hello and

Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.139.132.42 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D827BD6-16FE-4D66-9ED7-5624EB251094}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0BF6FE-326F-4C5C-B99E-EC07FBCAB99F}: DhcpNameServer = 212.139.132.42 192.168.1.1
Why on earth a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?

26.03.2013, 13:44   #3
JVG



Unfortunately I can't tell you right now why Win Prof. is installed on it. I'd have to ask her when I get the chance. I don't know whether that will help, though - she knows even less about this stuff than I do. But I also don't get what that could have to do with the problem. Can you explain that to me? Thanks!

26.03.2013, 15:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



The reason is quite simple. When I see a Professional Windows, it suggests there might be commercial use, and then special notices have to be posted.

Is this system also used commercially?
__________________
Please always post logs in CODE tags

26.03.2013, 16:54   #5
JVG



Ah, so that's the way the wind is blowing. No, the system is purely private. I don't know why she has that on it, but off the top of my head I can very well imagine scenarios for how that can come about. Of course I can't prove that to you right now. Frankly, I don't much feel like it either, because there is an actual problem here that I'd like to solve. I am still interested in help. So either you simply believe me or we'll just have to leave it. No offense, you surely have legitimate concerns about commercial types wanting to use your service. But in this case the "assumption" is simply wrong. I can't say more than that.


26.03.2013, 21:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Well, then that's ok. I just want to avoid later "whining", because we've already had requests saying that threads several months to years old contain such sensitive data and that it all suddenly has to be deleted.

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools such as Malwarebytes must always be posted - regardless of whether there was a finding or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

27.03.2013, 09:19   #7
JVG



Cosinus, first of all thank you for your help! I appreciate it.

MBAR didn't turn up anything:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.27.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [administrator]

27.03.2013 08:17:32
mbar-log-2013-03-27 (08-17-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 24913
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR raised an alarm:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-27 08:22:59
-----------------------------
08:22:59.733    OS Version: Windows 6.1.7601 Service Pack 1
08:22:59.733    Number of processors: 2 586 0xF0D
08:22:59.733    ComputerName: FRFEE-PC  UserName: Fr Fee
08:23:00.123    Initialize success
08:24:06.376    AVAST engine defs: 13032601
08:24:43.707    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
08:24:43.707    Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 11
08:24:43.816    Disk 0 MBR read successfully
08:24:43.816    Disk 0 MBR scan
08:24:43.832    Disk 0 Windows 7 default MBR code
08:24:43.832    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
08:24:43.847    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 208896
08:24:43.863    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       139723 MB offset 21180416
08:24:43.863    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 307335168
08:24:43.925    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 307337216
08:24:43.925    Disk 0 scanning sectors +312578048
08:24:44.003    Disk 0 scanning C:\Windows\system32\drivers
08:24:54.315    Service scanning
08:25:13.441    Modules scanning
08:25:21.412    Disk 0 trace - called modules:
08:25:21.428    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
08:25:21.443    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8556b2a8]
08:25:21.459    3 CLASSPNP.SYS[8a5d759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x850e1908]
08:25:22.333    AVAST engine scan C:\Windows
08:25:23.986    AVAST engine scan C:\Windows\system32
08:28:18.301    AVAST engine scan C:\Windows\system32\drivers
08:28:34.634    AVAST engine scan C:\Users\Fr Fee
08:37:53.505    File: C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe  **INFECTED** Win32:Malware-gen
08:38:11.118    File: C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe  **INFECTED** Win32:Malware-gen
08:41:11.298    File: C:\Users\Fr Fee\dxahap.exe  **INFECTED** Win32:Malware-gen
08:41:11.423    File: C:\Users\Fr Fee\dxqmhhr.exe  **INFECTED** Win32:Malware-gen
08:41:11.532    File: C:\Users\Fr Fee\dxygpfj.exe  **INFECTED** Win32:Malware-gen
08:51:36.875    AVAST engine scan C:\ProgramData
08:53:55.684    Scan finished successfully
08:55:07.959    Disk 0 MBR has been saved successfully to "C:\Users\Fr Fee\Desktop\MBR.dat"
08:55:07.974    The log file has been saved successfully to "C:\Users\Fr Fee\Desktop\aswMBR.txt"
08:55:27.771    Disk 0 MBR has been saved successfully to "F:\Log Files\MBR.dat"
08:55:29.143    The log file has been saved successfully to "F:\Log Files\aswMBR.txt"
         
TDSS-Killer also found something:

Code:
08:58:22.0545 1608  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:58:22.0576 1608  ============================================================
08:58:22.0576 1608  Current date / time: 2013/03/27 08:58:22.0576
08:58:22.0576 1608  SystemInfo:
08:58:22.0576 1608  
08:58:22.0576 1608  OS Version: 6.1.7601 ServicePack: 1.0
08:58:22.0576 1608  Product type: Workstation
08:58:22.0576 1608  ComputerName: FRFEE-PC
08:58:22.0576 1608  UserName: Fr Fee
08:58:22.0576 1608  Windows directory: C:\Windows
08:58:22.0576 1608  System windows directory: C:\Windows
08:58:22.0576 1608  Processor architecture: Intel x86
08:58:22.0576 1608  Number of processors: 2
08:58:22.0576 1608  Page size: 0x1000
08:58:22.0576 1608  Boot type: Safe boot
08:58:22.0576 1608  ============================================================
08:58:24.0354 1608  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:58:24.0354 1608  Drive \Device\Harddisk1\DR1 - Size: 0x3D300000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:58:24.0354 1608  ============================================================
08:58:24.0354 1608  \Device\Harddisk0\DR0:
08:58:24.0354 1608  MBR partitions:
08:58:24.0354 1608  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1400000
08:58:24.0354 1608  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1433000, BlocksNum 0x110E5FF8
08:58:24.0385 1608  \Device\Harddisk1\DR1:
08:58:24.0385 1608  MBR partitions:
08:58:24.0385 1608  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E97B0
08:58:24.0385 1608  ============================================================
08:58:24.0432 1608  C: <-> \Device\Harddisk0\DR0\Partition2
08:58:24.0479 1608  D: <-> \Device\Harddisk0\DR0\Partition1
08:58:24.0479 1608  ============================================================
08:58:24.0479 1608  Initialize success
08:58:24.0479 1608  ============================================================
08:58:41.0202 1636  ============================================================
08:58:41.0202 1636  Scan started
08:58:41.0202 1636  Mode: Manual; SigCheck; TDLFS; 
08:58:41.0202 1636  ============================================================
08:58:41.0857 1636  ================ Scan system memory ========================
08:58:41.0857 1636  System memory - ok
08:58:41.0857 1636  ================ Scan services =============================
08:58:42.0029 1636  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:58:42.0263 1636  1394ohci - ok
08:58:42.0294 1636  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:58:42.0310 1636  ACPI - ok
08:58:42.0357 1636  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:58:42.0419 1636  AcpiPmi - ok
08:58:42.0559 1636  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:58:42.0559 1636  AdobeARMservice - ok
08:58:42.0669 1636  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:58:42.0700 1636  AdobeFlashPlayerUpdateSvc - ok
08:58:42.0762 1636  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:58:42.0778 1636  adp94xx - ok
08:58:54.0899 1636  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:58:54.0915 1636  MDM ( UnsignedFile.Multi.Generic ) - warning
08:58:54.0915 1636  MDM - detected UnsignedFile.Multi.Generic (1)
08:59:00.0609 1636  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
08:59:00.0640 1636  RasMan - ok
08:59:00.0655 1636  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:59:00.0687 1636  RasPppoe - ok
08:59:00.0718 1636  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:59:00.0765 1636  RasSstp - ok
08:59:00.0796 1636  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:59:00.0843 1636  rdbss - ok
08:59:00.0858 1636  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:59:00.0874 1636  rdpbus - ok
08:59:00.0905 1636  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:59:00.0952 1636  RDPCDD - ok
08:59:00.0983 1636  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:59:01.0030 1636  RDPDR - ok
08:59:01.0061 1636  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:59:01.0108 1636  RDPENCDD - ok
08:59:01.0123 1636  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:59:01.0170 1636  RDPREFMP - ok
08:59:01.0201 1636  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:59:01.0233 1636  RDPWD - ok
08:59:01.0279 1636  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:59:01.0295 1636  rdyboost - ok
08:59:01.0342 1636  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:59:01.0373 1636  RemoteAccess - ok
08:59:01.0404 1636  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:59:01.0451 1636  RemoteRegistry - ok
08:59:01.0482 1636  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
08:59:01.0513 1636  rimmptsk - ok
08:59:01.0529 1636  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
08:59:01.0560 1636  rimsptsk - ok
08:59:01.0591 1636  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
08:59:01.0623 1636  rismxdp - ok
08:59:01.0638 1636  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:59:01.0669 1636  RpcEptMapper - ok
08:59:01.0701 1636  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
08:59:01.0716 1636  RpcLocator - ok
08:59:01.0732 1636  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
08:59:01.0763 1636  RpcSs - ok
08:59:01.0810 1636  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:59:01.0857 1636  rspndr - ok
08:59:01.0888 1636  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
08:59:01.0919 1636  s3cap - ok
08:59:01.0950 1636  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
08:59:01.0950 1636  SamSs - ok
08:59:01.0997 1636  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:59:02.0013 1636  sbp2port - ok
08:59:02.0028 1636  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:59:02.0059 1636  SCardSvr - ok
08:59:02.0091 1636  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:59:02.0122 1636  scfilter - ok
08:59:02.0169 1636  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
08:59:02.0231 1636  Schedule - ok
08:59:02.0247 1636  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:59:02.0262 1636  SCPolicySvc - ok
08:59:02.0293 1636  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
08:59:02.0325 1636  sdbus - ok
08:59:02.0356 1636  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:59:02.0403 1636  SDRSVC - ok
08:59:02.0449 1636  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:59:02.0481 1636  secdrv - ok
08:59:02.0512 1636  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
08:59:02.0559 1636  seclogon - ok
08:59:02.0590 1636  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
08:59:02.0621 1636  SENS - ok
08:59:02.0668 1636  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:59:02.0699 1636  SensrSvc - ok
08:59:02.0715 1636  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:59:02.0730 1636  Serenum - ok
08:59:02.0746 1636  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:59:02.0793 1636  Serial - ok
08:59:02.0808 1636  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:59:02.0839 1636  sermouse - ok
08:59:02.0886 1636  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:59:02.0917 1636  SessionEnv - ok
08:59:02.0949 1636  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:59:02.0964 1636  sffdisk - ok
08:59:02.0995 1636  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:59:03.0011 1636  sffp_mmc - ok
08:59:03.0027 1636  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:59:03.0042 1636  sffp_sd - ok
08:59:03.0089 1636  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:59:03.0105 1636  sfloppy - ok
08:59:03.0151 1636  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:59:03.0183 1636  SharedAccess - ok
08:59:03.0229 1636  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:59:03.0276 1636  ShellHWDetection - ok
08:59:03.0292 1636  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
08:59:03.0292 1636  sisagp - ok
08:59:03.0323 1636  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:59:03.0339 1636  SiSRaid2 - ok
08:59:03.0354 1636  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:59:03.0370 1636  SiSRaid4 - ok
08:59:03.0448 1636  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
08:59:03.0463 1636  SkypeUpdate - ok
08:59:03.0510 1636  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:59:03.0557 1636  Smb - ok
08:59:03.0604 1636  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:59:03.0651 1636  SNMPTRAP - ok
08:59:03.0697 1636  [ 437198C0D349B0E0D4305D3081C5E912 ] SPC530          C:\Windows\system32\drivers\SPC530.sys
08:59:03.0744 1636  SPC530 - ok
08:59:03.0760 1636  [ 92E0CE241498B483404A957E709329CC ] SPC530m         C:\Windows\system32\drivers\SPC530m.sys
08:59:03.0775 1636  SPC530m - ok
08:59:03.0791 1636  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:59:03.0807 1636  spldr - ok
08:59:03.0853 1636  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
08:59:03.0900 1636  Spooler - ok
08:59:04.0025 1636  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
08:59:04.0150 1636  sppsvc - ok
08:59:04.0181 1636  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:59:04.0212 1636  sppuinotify - ok
08:59:04.0243 1636  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:59:04.0290 1636  srv - ok
08:59:04.0337 1636  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:59:04.0368 1636  srv2 - ok
08:59:04.0399 1636  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
08:59:04.0431 1636  SrvHsfHDA - ok
08:59:04.0477 1636  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
08:59:04.0509 1636  SrvHsfV92 - ok
08:59:04.0540 1636  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
08:59:04.0555 1636  SrvHsfWinac - ok
08:59:04.0602 1636  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:59:04.0602 1636  srvnet - ok
08:59:04.0633 1636  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:59:04.0680 1636  SSDPSRV - ok
08:59:04.0727 1636  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
08:59:04.0743 1636  ssmdrv - ok
08:59:04.0774 1636  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:59:04.0821 1636  SstpSvc - ok
08:59:04.0852 1636  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:59:04.0867 1636  stexstor - ok
08:59:04.0914 1636  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
08:59:04.0961 1636  StiSvc - ok
08:59:04.0977 1636  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
08:59:04.0977 1636  storflt - ok
08:59:05.0008 1636  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
08:59:05.0039 1636  StorSvc - ok
08:59:05.0086 1636  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
08:59:05.0101 1636  storvsc - ok
08:59:05.0117 1636  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:59:05.0133 1636  swenum - ok
08:59:05.0179 1636  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
08:59:05.0211 1636  swprv - ok
08:59:05.0273 1636  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
08:59:05.0320 1636  SysMain - ok
08:59:05.0335 1636  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:59:05.0367 1636  TabletInputService - ok
08:59:05.0413 1636  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:59:05.0445 1636  TapiSrv - ok
08:59:05.0460 1636  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
08:59:05.0491 1636  TBS - ok
08:59:05.0569 1636  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:59:05.0632 1636  Tcpip - ok
08:59:05.0710 1636  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:59:05.0741 1636  TCPIP6 - ok
08:59:05.0772 1636  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:59:05.0803 1636  tcpipreg - ok
08:59:05.0835 1636  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:59:05.0850 1636  TDPIPE - ok
08:59:05.0881 1636  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:59:05.0897 1636  TDTCP - ok
08:59:05.0928 1636  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:59:05.0959 1636  tdx - ok
08:59:05.0975 1636  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:59:05.0991 1636  TermDD - ok
08:59:06.0006 1636  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
08:59:06.0069 1636  TermService - ok
08:59:06.0115 1636  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
08:59:06.0147 1636  Themes - ok
08:59:06.0162 1636  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
08:59:06.0193 1636  THREADORDER - ok
08:59:06.0209 1636  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
08:59:06.0240 1636  TrkWks - ok
08:59:06.0303 1636  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:59:06.0334 1636  TrustedInstaller - ok
08:59:06.0381 1636  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:59:06.0412 1636  tssecsrv - ok
08:59:06.0443 1636  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:59:06.0474 1636  TsUsbFlt - ok
08:59:06.0521 1636  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:59:06.0552 1636  tunnel - ok
08:59:06.0583 1636  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:59:06.0599 1636  uagp35 - ok
08:59:06.0615 1636  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:59:06.0661 1636  udfs - ok
08:59:06.0693 1636  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:59:06.0708 1636  UI0Detect - ok
08:59:06.0755 1636  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:59:06.0771 1636  uliagpkx - ok
08:59:06.0817 1636  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:59:06.0833 1636  umbus - ok
08:59:06.0849 1636  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:59:06.0880 1636  UmPass - ok
08:59:06.0927 1636  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
08:59:06.0942 1636  UmRdpService - ok
08:59:06.0989 1636  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
08:59:07.0020 1636  upnphost - ok
08:59:07.0051 1636  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
08:59:07.0083 1636  usbaudio - ok
08:59:07.0114 1636  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:59:07.0145 1636  usbccgp - ok
08:59:07.0176 1636  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:59:07.0192 1636  usbcir - ok
08:59:07.0223 1636  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:59:07.0239 1636  usbehci - ok
08:59:07.0301 1636  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:59:07.0317 1636  usbhub - ok
08:59:07.0348 1636  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:59:07.0379 1636  usbohci - ok
08:59:07.0395 1636  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:59:07.0395 1636  usbprint - ok
08:59:07.0441 1636  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:59:07.0473 1636  usbscan - ok
08:59:07.0504 1636  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:59:07.0535 1636  USBSTOR - ok
08:59:07.0566 1636  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:59:07.0582 1636  usbuhci - ok
08:59:07.0613 1636  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
08:59:07.0629 1636  UxSms - ok
08:59:07.0644 1636  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
08:59:07.0660 1636  VaultSvc - ok
08:59:07.0691 1636  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:59:07.0707 1636  vdrvroot - ok
08:59:07.0753 1636  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
08:59:07.0816 1636  vds - ok
08:59:07.0831 1636  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:59:07.0863 1636  vga - ok
08:59:07.0894 1636  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:59:07.0925 1636  VgaSave - ok
08:59:07.0956 1636  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:59:07.0972 1636  vhdmp - ok
08:59:08.0003 1636  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:59:08.0019 1636  viaagp - ok
08:59:08.0050 1636  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
08:59:08.0081 1636  ViaC7 - ok
08:59:08.0112 1636  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
08:59:08.0112 1636  viaide - ok
08:59:08.0143 1636  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
08:59:08.0159 1636  vmbus - ok
08:59:08.0175 1636  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
08:59:08.0190 1636  VMBusHID - ok
08:59:08.0206 1636  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:59:08.0221 1636  volmgr - ok
08:59:08.0268 1636  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:59:08.0299 1636  volmgrx - ok
08:59:08.0315 1636  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:59:08.0331 1636  volsnap - ok
08:59:08.0346 1636  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:59:08.0362 1636  vsmraid - ok
08:59:08.0424 1636  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
08:59:08.0502 1636  VSS - ok
08:59:08.0518 1636  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:59:08.0549 1636  vwifibus - ok
08:59:08.0580 1636  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:59:08.0596 1636  vwififlt - ok
08:59:08.0627 1636  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:59:08.0643 1636  vwifimp - ok
08:59:08.0674 1636  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
08:59:08.0721 1636  W32Time - ok
08:59:08.0752 1636  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:59:08.0783 1636  WacomPen - ok
08:59:08.0814 1636  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:59:08.0845 1636  WANARP - ok
08:59:08.0845 1636  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:59:08.0877 1636  Wanarpv6 - ok
08:59:09.0001 1636  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:59:09.0079 1636  WatAdminSvc - ok
08:59:09.0142 1636  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
08:59:09.0220 1636  wbengine - ok
08:59:09.0251 1636  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:59:09.0267 1636  WbioSrvc - ok
08:59:09.0313 1636  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:59:09.0360 1636  wcncsvc - ok
08:59:09.0376 1636  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:59:09.0407 1636  WcsPlugInService - ok
08:59:09.0438 1636  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:59:09.0454 1636  Wd - ok
08:59:09.0501 1636  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:59:09.0532 1636  Wdf01000 - ok
08:59:09.0547 1636  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:59:09.0594 1636  WdiServiceHost - ok
08:59:09.0610 1636  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:59:09.0625 1636  WdiSystemHost - ok
08:59:09.0657 1636  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
08:59:09.0688 1636  WebClient - ok
08:59:09.0703 1636  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:59:09.0735 1636  Wecsvc - ok
08:59:09.0750 1636  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:59:09.0797 1636  wercplsupport - ok
08:59:09.0828 1636  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:59:09.0859 1636  WerSvc - ok
08:59:09.0891 1636  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:59:09.0922 1636  WfpLwf - ok
08:59:09.0937 1636  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:59:09.0953 1636  WIMMount - ok
08:59:10.0031 1636  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:59:10.0078 1636  WinDefend - ok
08:59:10.0078 1636  WinHttpAutoProxySvc - ok
08:59:10.0140 1636  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:59:10.0187 1636  Winmgmt - ok
08:59:10.0249 1636  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
08:59:10.0312 1636  WinRM - ok
08:59:10.0374 1636  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:59:10.0390 1636  WinUsb - ok
08:59:10.0437 1636  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:59:10.0483 1636  Wlansvc - ok
08:59:10.0515 1636  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:59:10.0530 1636  WmiAcpi - ok
08:59:10.0561 1636  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:59:10.0593 1636  wmiApSrv - ok
08:59:10.0671 1636  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:59:10.0749 1636  WMPNetworkSvc - ok
08:59:10.0780 1636  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:59:10.0811 1636  WPCSvc - ok
08:59:10.0842 1636  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:59:10.0873 1636  WPDBusEnum - ok
08:59:10.0889 1636  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:59:10.0936 1636  ws2ifsl - ok
08:59:10.0951 1636  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
08:59:10.0967 1636  wscsvc - ok
08:59:10.0983 1636  WSearch - ok
08:59:11.0061 1636  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
08:59:11.0139 1636  wuauserv - ok
08:59:11.0185 1636  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:59:11.0217 1636  WudfPf - ok
08:59:11.0248 1636  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:59:11.0279 1636  WUDFRd - ok
08:59:11.0310 1636  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:59:11.0326 1636  wudfsvc - ok
08:59:11.0373 1636  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:59:11.0404 1636  WwanSvc - ok
08:59:11.0482 1636  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
08:59:11.0513 1636  yukonw7 - ok
08:59:11.0529 1636  ================ Scan global ===============================
08:59:11.0560 1636  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
08:59:11.0607 1636  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
08:59:11.0622 1636  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
08:59:11.0653 1636  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
08:59:11.0685 1636  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
08:59:11.0700 1636  [Global] - ok
08:59:11.0700 1636  ================ Scan MBR ==================================
08:59:11.0716 1636  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:59:12.0043 1636  \Device\Harddisk0\DR0 - ok
08:59:12.0043 1636  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
08:59:12.0153 1636  \Device\Harddisk1\DR1 - ok
08:59:12.0168 1636  ================ Scan VBR ==================================
08:59:12.0184 1636  [ E42E4169D9EA06558D6E391129529F43 ] \Device\Harddisk0\DR0\Partition1
08:59:12.0184 1636  \Device\Harddisk0\DR0\Partition1 - ok
08:59:12.0199 1636  [ 3F629D79619C37C742A8245805ECEC2D ] \Device\Harddisk0\DR0\Partition2
08:59:12.0199 1636  \Device\Harddisk0\DR0\Partition2 - ok
08:59:12.0199 1636  [ 367063298B82F90014A3C6330C521CC6 ] \Device\Harddisk1\DR1\Partition1
08:59:12.0199 1636  \Device\Harddisk1\DR1\Partition1 - ok
08:59:12.0199 1636  ============================================================
08:59:12.0199 1636  Scan finished
08:59:12.0199 1636  ============================================================
08:59:12.0231 1628  Detected object count: 1
08:59:12.0231 1628  Actual detected object count: 1
09:09:45.0264 1628  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:45.0264 1628  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:10:01.0629 1604  Deinitialize success
         
Many thanks once again!
John

27.03.2013, 12:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why have you been in safe mode the whole time? Doesn't normal mode work?
__________________
Please always post logs in CODE tags

27.03.2013, 12:58   #9
JVG

Pure ignorance! =) At first I thought that was the better option, because I didn't know what to expect. My girlfriend had simply switched the computer off in a panic after she noticed her mistake (opened a "Post AG" attachment - yes, we have since talked about it!). I simply thought it would be less dangerous... or isn't it? So, can I also boot up normally without any risk?

27.03.2013, 15:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, please use normal mode and create the logs again.

27.03.2013, 18:34   #11
JVG

Sorry, I wasn't aware that this could distort the results. Overall, the scans were somewhat more difficult: aswMBR only worked on the 4th attempt. Possibly that was due to conflicts with the real-time scanners of Avira and Malwarebytes, which had made themselves at home during the installations. After switching both off, it worked. Before that, however, they diligently found Trojans and put them into quarantine. I am attaching the log files as well. I suspect that this is why the tools didn't find anything any more...?

MBAR was unremarkable again:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.27.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [administrator]

27.03.2013 16:27:49
mbar-log-2013-03-27 (16-27-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 25254
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

aswMBR acted up, but then spat out this:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-27 17:50:55
-----------------------------
17:50:55.028    OS Version: Windows 6.1.7601 Service Pack 1
17:50:55.028    Number of processors: 2 586 0xF0D
17:50:55.028    ComputerName: FRFEE-PC  UserName: Fr Fee
17:50:55.917    Initialize success
17:51:12.484    AVAST engine defs: 13032601
17:51:20.003    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:51:20.003    Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 11
17:51:20.175    Disk 0 MBR read successfully
17:51:20.190    Disk 0 MBR scan
17:51:20.206    Disk 0 Windows 7 default MBR code
17:51:20.206    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
17:51:20.237    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 208896
17:51:20.253    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       139723 MB offset 21180416
17:51:20.268    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 307335168
17:51:20.331    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 307337216
17:51:20.346    Disk 0 scanning sectors +312578048
17:51:20.409    Disk 0 scanning C:\Windows\system32\drivers
17:51:37.865    Service scanning
17:52:10.968    Modules scanning
17:52:20.500    Disk 0 trace - called modules:
17:52:20.516    
17:52:21.545    AVAST engine scan C:\Windows
17:52:24.790    AVAST engine scan C:\Windows\system32
17:58:07.601    AVAST engine scan C:\Windows\system32\drivers
17:58:28.333    AVAST engine scan C:\Users\Fr Fee
18:26:06.664    AVAST engine scan C:\ProgramData
18:27:58.466    Scan finished successfully
18:29:06.795    Disk 0 MBR has been saved successfully to "F:\Log 2\MBR.dat"
18:29:06.826    The log file has been saved successfully to "F:\Log 2\aswMBR.txt"
         

TDSS-Killer:

Code:
17:35:31.0562 0936  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:35:31.0609 0936  ============================================================
17:35:31.0609 0936  Current date / time: 2013/03/27 17:35:31.0609
17:35:31.0609 0936  SystemInfo:
17:35:31.0609 0936  
17:35:31.0609 0936  OS Version: 6.1.7601 ServicePack: 1.0
17:35:31.0609 0936  Product type: Workstation
17:35:31.0609 0936  ComputerName: FRFEE-PC
17:35:31.0609 0936  UserName: Fr Fee
17:35:31.0609 0936  Windows directory: C:\Windows
17:35:31.0609 0936  System windows directory: C:\Windows
17:35:31.0609 0936  Processor architecture: Intel x86
17:35:31.0609 0936  Number of processors: 2
17:35:31.0609 0936  Page size: 0x1000
17:35:31.0609 0936  Boot type: Normal boot
17:35:31.0609 0936  ============================================================
17:35:33.0185 0936  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:33.0200 0936  Drive \Device\Harddisk1\DR1 - Size: 0x3D300000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:35:33.0200 0936  ============================================================
17:35:33.0200 0936  \Device\Harddisk0\DR0:
17:35:33.0200 0936  MBR partitions:
17:35:33.0200 0936  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1400000
17:35:33.0200 0936  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1433000, BlocksNum 0x110E5FF8
17:35:33.0949 0936  \Device\Harddisk1\DR1:
17:35:33.0949 0936  MBR partitions:
17:35:33.0949 0936  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E97B0
17:35:33.0949 0936  ============================================================
17:35:33.0980 0936  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:34.0370 0936  D: <-> \Device\Harddisk0\DR0\Partition1
17:35:34.0370 0936  ============================================================
17:35:34.0370 0936  Initialize success
17:35:34.0370 0936  ============================================================
17:35:45.0509 3032  ============================================================
17:35:45.0509 3032  Scan started
17:35:45.0509 3032  Mode: Manual; SigCheck; TDLFS; 
17:35:45.0509 3032  ============================================================
17:35:46.0928 3032  ================ Scan system memory ========================
17:35:46.0928 3032  System memory - ok
17:35:46.0928 3032  ================ Scan services =============================
17:36:09.0486 3032  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:36:09.0548 3032  MDM ( UnsignedFile.Multi.Generic ) - warning
17:36:09.0548 3032  MDM - detected UnsignedFile.Multi.Generic (1)
17:36:15.0944 3032  nsi - ok
17:36:15.0960 3032  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:36:16.0054 3032  nsiproxy - ok
17:36:16.0132 3032  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:36:16.0256 3032  Ntfs - ok
17:36:16.0303 3032  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:36:16.0381 3032  Null - ok
17:36:16.0459 3032  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:36:16.0537 3032  nvraid - ok
17:36:16.0615 3032  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:36:16.0662 3032  nvstor - ok
17:36:16.0709 3032  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:36:16.0756 3032  nv_agp - ok
17:36:17.0146 3032  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:36:17.0208 3032  odserv - ok
17:36:17.0270 3032  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:36:17.0333 3032  ohci1394 - ok
17:36:17.0395 3032  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:17.0426 3032  ose - ok
17:36:17.0473 3032  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:36:17.0504 3032  p2pimsvc - ok
17:36:17.0567 3032  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:36:17.0707 3032  p2psvc - ok
17:36:17.0754 3032  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:36:17.0801 3032  Parport - ok
17:36:17.0832 3032  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:36:17.0863 3032  partmgr - ok
17:36:17.0972 3032  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:36:18.0113 3032  Parvdm - ok
17:36:18.0768 3032  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:36:18.0815 3032  PcaSvc - ok
17:36:18.0862 3032  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:36:18.0924 3032  pci - ok
17:36:18.0940 3032  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:36:18.0986 3032  pciide - ok
17:36:19.0018 3032  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:36:19.0049 3032  pcmcia - ok
17:36:19.0080 3032  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:36:19.0111 3032  pcw - ok
17:36:19.0174 3032  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:36:19.0298 3032  PEAUTH - ok
17:36:19.0392 3032  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:36:19.0439 3032  PeerDistSvc - ok
17:36:19.0517 3032  [ 021968ED24B4E44BABAF11FBF8C4FB86 ] phaudlwr        C:\Windows\system32\DRIVERS\phaudlwr.sys
17:36:19.0579 3032  phaudlwr - ok
17:36:19.0673 3032  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:36:19.0876 3032  pla - ok
17:36:19.0922 3032  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:36:20.0000 3032  PlugPlay - ok
17:36:20.0047 3032  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:36:20.0094 3032  PNRPAutoReg - ok
17:36:20.0125 3032  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:36:20.0156 3032  PNRPsvc - ok
17:36:20.0203 3032  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:36:20.0312 3032  PolicyAgent - ok
17:36:20.0390 3032  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:36:20.0468 3032  Power - ok
17:36:20.0546 3032  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:36:20.0749 3032  PptpMiniport - ok
17:36:20.0827 3032  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:36:20.0874 3032  Processor - ok
17:36:20.0936 3032  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:36:21.0124 3032  ProfSvc - ok
17:36:21.0358 3032  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:36:21.0389 3032  ProtectedStorage - ok
17:36:21.0623 3032  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:36:21.0685 3032  Psched - ok
17:36:21.0763 3032  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:36:21.0935 3032  ql2300 - ok
17:36:22.0013 3032  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:36:22.0060 3032  ql40xx - ok
17:36:22.0091 3032  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:36:22.0169 3032  QWAVE - ok
17:36:22.0184 3032  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:36:22.0231 3032  QWAVEdrv - ok
17:36:22.0372 3032  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:36:22.0543 3032  RasAcd - ok
17:36:22.0824 3032  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:36:22.0933 3032  RasAgileVpn - ok
17:36:22.0980 3032  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:36:23.0058 3032  RasAuto - ok
17:36:23.0120 3032  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:36:23.0198 3032  Rasl2tp - ok
17:36:23.0261 3032  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:36:23.0354 3032  RasMan - ok
17:36:23.0370 3032  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:36:23.0448 3032  RasPppoe - ok
17:36:23.0464 3032  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:36:23.0542 3032  RasSstp - ok
17:36:23.0573 3032  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:36:23.0666 3032  rdbss - ok
17:36:23.0698 3032  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:36:23.0729 3032  rdpbus - ok
17:36:23.0791 3032  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:36:23.0900 3032  RDPCDD - ok
17:36:23.0932 3032  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:36:23.0994 3032  RDPDR - ok
17:36:24.0025 3032  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:36:24.0103 3032  RDPENCDD - ok
17:36:24.0181 3032  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:36:24.0290 3032  RDPREFMP - ok
17:36:24.0337 3032  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:36:24.0400 3032  RDPWD - ok
17:36:24.0446 3032  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:36:24.0524 3032  rdyboost - ok
17:36:24.0556 3032  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:36:24.0665 3032  RemoteAccess - ok
17:36:24.0758 3032  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:36:24.0852 3032  RemoteRegistry - ok
17:36:24.0899 3032  [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
17:36:24.0977 3032  rimmptsk - ok
17:36:25.0008 3032  [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
17:36:25.0055 3032  rimsptsk - ok
17:36:25.0086 3032  [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
17:36:25.0133 3032  rismxdp - ok
17:36:25.0195 3032  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:36:25.0273 3032  RpcEptMapper - ok
17:36:25.0304 3032  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:36:25.0351 3032  RpcLocator - ok
17:36:25.0367 3032  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:36:25.0445 3032  RpcSs - ok
17:36:25.0523 3032  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:36:25.0679 3032  rspndr - ok
17:36:25.0710 3032  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:36:25.0960 3032  s3cap - ok
17:36:26.0287 3032  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:36:26.0318 3032  SamSs - ok
17:36:26.0365 3032  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:36:26.0396 3032  sbp2port - ok
17:36:26.0443 3032  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:36:26.0521 3032  SCardSvr - ok
17:36:26.0552 3032  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:36:26.0630 3032  scfilter - ok
17:36:26.0724 3032  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:36:26.0818 3032  Schedule - ok
17:36:26.0927 3032  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:36:26.0974 3032  SCPolicySvc - ok
17:36:27.0036 3032  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
17:36:27.0098 3032  sdbus - ok
17:36:27.0130 3032  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:36:27.0301 3032  SDRSVC - ok
17:36:27.0364 3032  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:36:27.0426 3032  secdrv - ok
17:36:27.0535 3032  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:36:27.0738 3032  seclogon - ok
17:36:27.0769 3032  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:36:27.0863 3032  SENS - ok
17:36:27.0910 3032  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:36:27.0988 3032  SensrSvc - ok
17:36:28.0019 3032  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:36:28.0081 3032  Serenum - ok
17:36:28.0097 3032  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:36:28.0159 3032  Serial - ok
17:36:28.0190 3032  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:36:28.0237 3032  sermouse - ok
17:36:28.0300 3032  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:36:28.0346 3032  SessionEnv - ok
17:36:28.0378 3032  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:36:28.0424 3032  sffdisk - ok
17:36:28.0440 3032  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:36:28.0487 3032  sffp_mmc - ok
17:36:28.0502 3032  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:36:28.0534 3032  sffp_sd - ok
17:36:28.0596 3032  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:36:28.0721 3032  sfloppy - ok
17:36:28.0783 3032  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:36:28.0892 3032  SharedAccess - ok
17:36:28.0939 3032  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:36:29.0033 3032  ShellHWDetection - ok
17:36:29.0064 3032  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:36:29.0111 3032  sisagp - ok
17:36:29.0158 3032  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:36:29.0189 3032  SiSRaid2 - ok
17:36:29.0220 3032  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:36:29.0251 3032  SiSRaid4 - ok
17:36:29.0345 3032  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:36:29.0470 3032  SkypeUpdate - ok
17:36:29.0501 3032  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:36:29.0594 3032  Smb - ok
17:36:29.0704 3032  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:36:29.0766 3032  SNMPTRAP - ok
17:36:29.0813 3032  [ 437198C0D349B0E0D4305D3081C5E912 ] SPC530          C:\Windows\system32\drivers\SPC530.sys
17:36:29.0906 3032  SPC530 - ok
17:36:29.0922 3032  [ 92E0CE241498B483404A957E709329CC ] SPC530m         C:\Windows\system32\drivers\SPC530m.sys
17:36:29.0953 3032  SPC530m - ok
17:36:29.0984 3032  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:36:30.0016 3032  spldr - ok
17:36:30.0062 3032  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:36:30.0156 3032  Spooler - ok
17:36:30.0296 3032  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:36:30.0421 3032  sppsvc - ok
17:36:30.0468 3032  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:36:30.0546 3032  sppuinotify - ok
17:36:30.0593 3032  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:36:30.0749 3032  srv - ok
17:36:30.0811 3032  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:36:30.0889 3032  srv2 - ok
17:36:30.0936 3032  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:36:30.0983 3032  SrvHsfHDA - ok
17:36:31.0030 3032  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
17:36:31.0139 3032  SrvHsfV92 - ok
17:36:31.0186 3032  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
17:36:31.0264 3032  SrvHsfWinac - ok
17:36:31.0295 3032  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:36:31.0342 3032  srvnet - ok
17:36:31.0373 3032  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:36:31.0451 3032  SSDPSRV - ok
17:36:31.0498 3032  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:36:31.0529 3032  ssmdrv - ok
17:36:31.0576 3032  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:36:31.0654 3032  SstpSvc - ok
17:36:31.0700 3032  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:36:31.0732 3032  stexstor - ok
17:36:31.0778 3032  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:36:31.0872 3032  StiSvc - ok
17:36:31.0919 3032  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:36:31.0950 3032  storflt - ok
17:36:32.0012 3032  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
17:36:32.0059 3032  StorSvc - ok
17:36:32.0106 3032  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:36:32.0153 3032  storvsc - ok
17:36:32.0168 3032  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:36:32.0200 3032  swenum - ok
17:36:32.0262 3032  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:36:32.0356 3032  swprv - ok
17:36:32.0418 3032  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:36:32.0480 3032  SysMain - ok
17:36:32.0496 3032  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:36:32.0558 3032  TabletInputService - ok
17:36:32.0683 3032  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:36:32.0777 3032  TapiSrv - ok
17:36:32.0792 3032  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:36:32.0870 3032  TBS - ok
17:36:32.0948 3032  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:36:33.0120 3032  Tcpip - ok
17:36:33.0198 3032  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:36:33.0276 3032  TCPIP6 - ok
17:36:33.0323 3032  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:36:33.0370 3032  tcpipreg - ok
17:36:33.0416 3032  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:36:33.0494 3032  TDPIPE - ok
17:36:33.0526 3032  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:36:33.0557 3032  TDTCP - ok
17:36:33.0588 3032  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:36:33.0728 3032  tdx - ok
17:36:33.0775 3032  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:36:33.0822 3032  TermDD - ok
17:36:33.0869 3032  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:36:33.0962 3032  TermService - ok
17:36:34.0056 3032  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:36:34.0118 3032  Themes - ok
17:36:34.0150 3032  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:36:34.0196 3032  THREADORDER - ok
17:36:34.0259 3032  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:36:34.0337 3032  TrkWks - ok
17:36:34.0399 3032  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:36:34.0493 3032  TrustedInstaller - ok
17:36:34.0586 3032  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:36:34.0727 3032  tssecsrv - ok
17:36:34.0774 3032  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:36:34.0805 3032  TsUsbFlt - ok
17:36:34.0852 3032  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:36:34.0914 3032  tunnel - ok
17:36:34.0945 3032  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:36:34.0992 3032  uagp35 - ok
17:36:35.0008 3032  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:36:35.0101 3032  udfs - ok
17:36:35.0148 3032  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:36:35.0195 3032  UI0Detect - ok
17:36:35.0257 3032  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:36:35.0288 3032  uliagpkx - ok
17:36:35.0320 3032  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:36:35.0366 3032  umbus - ok
17:36:35.0413 3032  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:36:35.0476 3032  UmPass - ok
17:36:35.0507 3032  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:36:35.0569 3032  UmRdpService - ok
17:36:35.0647 3032  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:36:35.0710 3032  upnphost - ok
17:36:35.0741 3032  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:36:35.0803 3032  usbaudio - ok
17:36:35.0881 3032  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:36:35.0959 3032  usbccgp - ok
17:36:36.0006 3032  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:36:36.0053 3032  usbcir - ok
17:36:36.0100 3032  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:36:36.0131 3032  usbehci - ok
17:36:36.0209 3032  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:36:36.0256 3032  usbhub - ok
17:36:36.0334 3032  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:36:36.0380 3032  usbohci - ok
17:36:36.0396 3032  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:36:36.0443 3032  usbprint - ok
17:36:36.0490 3032  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:36:36.0536 3032  usbscan - ok
17:36:36.0583 3032  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:36:36.0630 3032  USBSTOR - ok
17:36:36.0708 3032  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:36:36.0739 3032  usbuhci - ok
17:36:36.0770 3032  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:36:36.0817 3032  UxSms - ok
17:36:36.0895 3032  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:36:36.0926 3032  VaultSvc - ok
17:36:36.0958 3032  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:36:37.0004 3032  vdrvroot - ok
17:36:37.0051 3032  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:36:37.0176 3032  vds - ok
17:36:37.0207 3032  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:36:37.0270 3032  vga - ok
17:36:37.0285 3032  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:36:37.0348 3032  VgaSave - ok
17:36:37.0379 3032  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:36:37.0426 3032  vhdmp - ok
17:36:37.0472 3032  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:36:37.0504 3032  viaagp - ok
17:36:37.0535 3032  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:36:37.0582 3032  ViaC7 - ok
17:36:37.0613 3032  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:36:37.0644 3032  viaide - ok
17:36:37.0660 3032  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:36:37.0706 3032  vmbus - ok
17:36:37.0738 3032  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:36:37.0769 3032  VMBusHID - ok
17:36:37.0800 3032  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:36:37.0831 3032  volmgr - ok
17:36:37.0862 3032  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:36:37.0909 3032  volmgrx - ok
17:36:37.0940 3032  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:36:38.0003 3032  volsnap - ok
17:36:38.0034 3032  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:36:38.0081 3032  vsmraid - ok
17:36:38.0143 3032  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:36:38.0284 3032  VSS - ok
17:36:38.0299 3032  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:36:38.0346 3032  vwifibus - ok
17:36:38.0377 3032  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:36:38.0424 3032  vwififlt - ok
17:36:38.0471 3032  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:36:38.0502 3032  vwifimp - ok
17:36:38.0549 3032  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:36:38.0627 3032  W32Time - ok
17:36:38.0658 3032  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:36:38.0720 3032  WacomPen - ok
17:36:38.0752 3032  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:36:38.0814 3032  WANARP - ok
17:36:38.0830 3032  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:36:38.0876 3032  Wanarpv6 - ok
17:36:39.0017 3032  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:36:39.0251 3032  WatAdminSvc - ok
17:36:39.0329 3032  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:36:39.0454 3032  wbengine - ok
17:36:39.0485 3032  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:36:39.0547 3032  WbioSrvc - ok
17:36:39.0578 3032  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:36:39.0656 3032  wcncsvc - ok
17:36:39.0672 3032  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:36:39.0719 3032  WcsPlugInService - ok
17:36:39.0766 3032  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:36:39.0797 3032  Wd - ok
17:36:39.0844 3032  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:36:39.0937 3032  Wdf01000 - ok
17:36:39.0953 3032  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:36:40.0031 3032  WdiServiceHost - ok
17:36:40.0046 3032  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:36:40.0078 3032  WdiSystemHost - ok
17:36:40.0109 3032  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:36:40.0265 3032  WebClient - ok
17:36:40.0296 3032  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:36:40.0374 3032  Wecsvc - ok
17:36:40.0390 3032  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:36:40.0483 3032  wercplsupport - ok
17:36:40.0546 3032  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:36:40.0624 3032  WerSvc - ok
17:36:40.0686 3032  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:36:40.0748 3032  WfpLwf - ok
17:36:40.0780 3032  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:36:40.0811 3032  WIMMount - ok
17:36:40.0904 3032  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:36:40.0967 3032  WinDefend - ok
17:36:40.0982 3032  WinHttpAutoProxySvc - ok
17:36:41.0076 3032  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:36:41.0216 3032  Winmgmt - ok
17:36:41.0279 3032  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:36:41.0435 3032  WinRM - ok
17:36:41.0622 3032  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:36:41.0669 3032  WinUsb - ok
17:36:41.0747 3032  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:36:41.0856 3032  Wlansvc - ok
17:36:41.0903 3032  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:36:41.0934 3032  WmiAcpi - ok
17:36:41.0981 3032  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:36:42.0028 3032  wmiApSrv - ok
17:36:42.0184 3032  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:36:42.0277 3032  WMPNetworkSvc - ok
17:36:42.0324 3032  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:36:42.0371 3032  WPCSvc - ok
17:36:43.0026 3032  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:36:43.0073 3032  WPDBusEnum - ok
17:36:43.0229 3032  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:36:43.0307 3032  ws2ifsl - ok
17:36:43.0354 3032  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:36:43.0385 3032  wscsvc - ok
17:36:43.0400 3032  WSearch - ok
17:36:43.0525 3032  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:36:43.0619 3032  wuauserv - ok
17:36:43.0666 3032  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:36:43.0728 3032  WudfPf - ok
17:36:43.0822 3032  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:36:43.0884 3032  WUDFRd - ok
17:36:43.0978 3032  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:36:44.0009 3032  wudfsvc - ok
17:36:44.0071 3032  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:36:44.0149 3032  WwanSvc - ok
17:36:44.0258 3032  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
17:36:44.0368 3032  yukonw7 - ok
17:36:44.0383 3032  ================ Scan global ===============================
17:36:44.0414 3032  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:36:44.0461 3032  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:36:44.0477 3032  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:36:44.0570 3032  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:36:44.0602 3032  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:36:44.0602 3032  [Global] - ok
17:36:44.0602 3032  ================ Scan MBR ==================================
17:36:44.0695 3032  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:36:45.0366 3032  \Device\Harddisk0\DR0 - ok
17:36:45.0382 3032  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:36:45.0538 3032  \Device\Harddisk1\DR1 - ok
17:36:45.0538 3032  ================ Scan VBR ==================================
17:36:45.0553 3032  [ E42E4169D9EA06558D6E391129529F43 ] \Device\Harddisk0\DR0\Partition1
17:36:45.0569 3032  \Device\Harddisk0\DR0\Partition1 - ok
17:36:45.0631 3032  [ 3F629D79619C37C742A8245805ECEC2D ] \Device\Harddisk0\DR0\Partition2
17:36:45.0631 3032  \Device\Harddisk0\DR0\Partition2 - ok
17:36:45.0647 3032  [ EC41BB0909901CB1AB7BFFB0008D8FAF ] \Device\Harddisk1\DR1\Partition1
17:36:45.0647 3032  \Device\Harddisk1\DR1\Partition1 - ok
17:36:45.0647 3032  ============================================================
17:36:45.0647 3032  Scan finished
17:36:45.0647 3032  ============================================================
17:36:45.0662 3104  Detected object count: 1
17:36:45.0662 3104  Actual detected object count: 1
17:37:05.0194 3104  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:05.0194 3104  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:47:56.0917 1224  Deinitialize success
         

Here is the current quarantine status from Antivir:

Code:
ATTFilter

Typ:	Datei
Quelle:	C:\Users\Fr Fee\dxygpfj.exe
Status:	Infiziert
Quarantäne-Objekt:	5441981e.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.20
Virendefinitionsdatei:	7.11.67.116
Meldung:	BDS/Androm.EB.69
Datum/Uhrzeit:	27.03.2013, 18:14


Typ:	Datei
Quelle:	C:\Users\Fr Fee\dxqmhhr.exe
Status:	Infiziert
Quarantäne-Objekt:	56fd94eb.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.20
Virendefinitionsdatei:	7.11.67.116
Meldung:	BDS/Androm.EB.69
Datum/Uhrzeit:	27.03.2013, 18:14


Typ:	Datei
Quelle:	C:\Users\Fr Fee\dxahap.exe
Status:	Infiziert
Quarantäne-Objekt:	5dd58127.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.20
Virendefinitionsdatei:	7.11.67.116
Meldung:	BDS/Androm.EB.69
Datum/Uhrzeit:	27.03.2013, 16:36


Typ:	Datei
Quelle:	C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe
Status:	Infiziert
Quarantäne-Objekt:	453eae9d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.20
Virendefinitionsdatei:	7.11.67.116
Meldung:	TR/Spy.ZBot.jvxg
Datum/Uhrzeit:	27.03.2013, 16:36


Typ:	Datei
Quelle:	C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe
Status:	Infiziert
Quarantäne-Objekt:	538dbd75.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.20
Virendefinitionsdatei:	7.11.67.116
Meldung:	TR/Spy.ZBot.jvxg
Datum/Uhrzeit:	27.03.2013, 16:27


Typ:	Datei
Quelle:	C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
Status:	Infiziert
Quarantäne-Objekt:	56adcf74.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.12.14
Virendefinitionsdatei:	7.11.64.154
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	26.03.2013, 08:48
         


And Malwarebytes Protection had found the following and put it into quarantine:

Code:
ATTFilter
2013/03/27 07:21:33 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting protection
2013/03/27 07:21:33 GMT	FRFEE-PC	Fr Fee	MESSAGE	Protection started successfully
2013/03/27 07:21:33 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 07:21:50 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
2013/03/27 07:27:33 GMT	FRFEE-PC	Fr Fee	MESSAGE	Executing scheduled update:  Daily
2013/03/27 07:27:33 GMT	FRFEE-PC	Fr Fee	ERROR	Scheduled update failed:  No address found failed with error code 0
2013/03/27 07:50:30 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting database refresh
2013/03/27 07:50:30 GMT	FRFEE-PC	Fr Fee	MESSAGE	Stopping IP protection
2013/03/27 07:50:31 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection stopped successfully
2013/03/27 07:50:34 GMT	FRFEE-PC	Fr Fee	MESSAGE	Database refreshed successfully
2013/03/27 07:50:34 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 07:50:48 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
2013/03/27 16:00:21 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting protection
2013/03/27 16:00:21 GMT	FRFEE-PC	Fr Fee	MESSAGE	Protection started successfully
2013/03/27 16:00:21 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 16:00:40 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
2013/03/27 16:01:07 GMT	FRFEE-PC	Fr Fee	DETECTION	C:\Users\Fr Fee\AppData\Local\Temp\tmp812d3e06\23.exe	Trojan.FakeMS.PRGen	QUARANTINE
2013/03/27 16:10:08 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting database refresh
2013/03/27 16:10:08 GMT	FRFEE-PC	Fr Fee	MESSAGE	Stopping IP protection
2013/03/27 16:10:09 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection stopped successfully
2013/03/27 16:10:14 GMT	FRFEE-PC	Fr Fee	MESSAGE	Database refreshed successfully
2013/03/27 16:10:14 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 16:10:31 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
2013/03/27 16:34:14 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting protection
2013/03/27 16:34:14 GMT	FRFEE-PC	Fr Fee	MESSAGE	Protection started successfully
2013/03/27 16:34:14 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 16:34:34 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
2013/03/27 17:28:35 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting protection
2013/03/27 17:28:35 GMT	FRFEE-PC	Fr Fee	MESSAGE	Protection started successfully
2013/03/27 17:28:35 GMT	FRFEE-PC	Fr Fee	MESSAGE	Starting IP protection
2013/03/27 17:28:54 GMT	FRFEE-PC	Fr Fee	MESSAGE	IP Protection started successfully
         

Alt 28.03.2013, 11:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Please always post logs in CODE tags

Alt 28.03.2013, 21:59   #13
JVG
 

OK, Cosinus. So here is the Combofix log file. Everything ran like clockwork:

Code:
ATTFilter
ComboFix 13-03-28.01 - Fr Fee 28.03.2013  19:24:44.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3062.2121 [GMT 0:00]
ausgeführt von:: c:\users\Fr Fee\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-28 bis 2013-03-28  ))))))))))))))))))))))))))))))
.
.
2013-03-28 19:31 . 2013-03-28 19:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-28 06:58 . 2013-03-28 06:58	--------	d-----w-	c:\users\Fr Fee\AppData\Roaming\Leadertech
2013-03-26 12:09 . 2013-03-26 12:09	--------	d-----w-	c:\program files\7-Zip
2013-03-26 08:52 . 2013-03-26 08:52	--------	d-----w-	c:\users\Fr Fee\AppData\Roaming\Malwarebytes
2013-03-26 08:52 . 2013-03-26 08:52	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-26 08:52 . 2013-03-26 08:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-26 08:52 . 2012-12-14 16:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-26 08:51 . 2013-03-26 08:51	--------	d-----w-	c:\users\Fr Fee\AppData\Local\Programs
2013-03-26 07:51 . 2013-03-26 07:51	--------	d-----w-	c:\users\Fr Fee\AppData\Roaming\Avira
2013-03-26 07:50 . 2013-03-06 15:13	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-26 07:50 . 2013-02-27 12:22	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-26 07:50 . 2013-02-27 12:22	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-26 07:50 . 2013-03-26 07:50	--------	d-----w-	c:\programdata\Avira
2013-03-26 07:50 . 2013-03-26 07:50	--------	d-----w-	c:\program files\Avira
2013-03-26 07:21 . 2013-03-26 07:21	--------	d-----w-	c:\program files\Kaspersky Lab
2013-03-21 16:35 . 2013-03-27 16:36	--------	d-----w-	c:\users\Fr Fee\AppData\Roaming\Adlo
2013-03-21 16:35 . 2013-03-27 16:01	--------	d-----w-	c:\users\Fr Fee\AppData\Roaming\Zov
2013-03-19 18:09 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2587A025-A59F-4219-B65D-86B4C0777BBE}\mpengine.dll
2013-03-14 19:07 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-28 08:18 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:23 . 2012-08-16 19:16	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-13 21:23 . 2011-06-07 21:22	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 08:29	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:29	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-17 01:28 . 2011-03-25 16:20	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 13:31	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 13:31	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 13:31	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 13:32	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 13:31	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 13:31	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 09:55 . 2013-03-08 09:55	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
.
c:\users\Fr Fee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [x]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 21:23]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-25 16:03]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd64bc987ada46.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-25 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?st=6&barid={896DC53A-F781-11E1-983E-001D0962ED65}
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={896DC53A-F781-11E1-983E-001D0962ED65}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D827BD6-16FE-4D66-9ED7-5624EB251094}: NameServer = 134.2.200.1,134.2.200.2
FF - ProfilePath - c:\users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={896DC53A-F781-11E1-983E-001D0962ED65}&src=2&crg=3.1010000.10011&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3632)
c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Zeit der Fertigstellung: 2013-03-28  19:34:29
ComboFix-quarantined-files.txt  2013-03-28 19:34
.
Vor Suchlauf: 8 Verzeichnis(se), 36.715.692.032 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 37.841.174.528 Bytes frei
.
- - End Of File - - DCA73B2000098B42EB24F9E576E104AF
         

Alt 29.03.2013, 01:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

After that:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post logs in CODE tags

Alt 29.03.2013, 09:10   #15
JVG
 

As far as I could see, everything went smoothly again.

JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Fr Fee on 29.03.2013 at  8:22:54,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4238205265-3827081884-3146971656-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclick
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclickmg
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Program Files\sweetim"



~~~ FireFox

Successfully deleted: [File] C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\user.js
Successfully deleted the following from C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\prefs.js

user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.cbid", "F4");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2011.03.25+09.48.30-toolbar002iad-DE-U3R1dHRnYXJ0LEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1354119086791");
user_pref("extensions.asktb.last-v", "3.11.3.100005");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.o", "101699");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "7");
user_pref("extensions.asktb.search-suggestions-enabled", false);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.v", "3.11.3.100013");
user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={896DC53A-F781-11E1-983E-001D0962ED65}&src=2&crg=3.1010000.10011&q=");
Emptied folder: C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\minidumps [1042 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2013 at  8:27:49,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 29/03/2013 um 08:29:53 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Fr Fee - FRFEE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Fr Fee\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\1ClickDownload
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\Fr Fee\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\jetpack
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\prefs.js

Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

*************************

AdwCleaner[S1].txt - [18857 octets] - [29/03/2013 08:29:53]

########## EOF - C:\AdwCleaner[S1].txt - [18918 octets] ##########
         
OTL:

Code:
OTL logfile created on: 29.03.2013 08:34:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fr Fee\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,41% Memory free
5,98 Gb Paging File | 5,15 Gb Available in Paging File | 86,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 35,02 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,29% Space Free | Partition Type: NTFS
Drive F: | 977,04 Mb Total Space | 821,32 Mb Free Space | 84,06% Space Free | Partition Type: FAT32
 
Computer Name: FRFEE-PC | User Name: Fr Fee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fr Fee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\FRFEE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys (                                                            )
DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys (                                                            )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 23 5F 14 04 C3 CD 01  [binary data]
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{53337977-395A-4D90-BFDD-FB881AF2296F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: online_downloaden@example.net:1.0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 09:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:55:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 09:55:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:55:38 | 000,000,000 | ---D | M]
 
[2011.03.25 16:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\Extensions
[2013.03.05 13:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\Firefox\Profiles\eswjcej2.default\extensions
[2013.01.30 21:31:03 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\OneClickDownload@OneClickDownload.com.xpi
[2012.03.23 09:06:38 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.03.05 13:29:25 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.05.14 14:28:13 | 000,005,212 | ---- | M] () -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\searchplugins\ecosia.xml
[2013.03.08 09:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.08 09:55:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.20 07:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 07:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 07:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 07:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 07:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 07:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Fr Fee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D827BD6-16FE-4D66-9ED7-5624EB251094}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0BF6FE-326F-4C5C-B99E-EC07FBCAB99F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.29 08:22:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.29 08:22:38 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.29 08:22:19 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Fr Fee\Desktop\JRT.exe
[2013.03.28 19:34:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.28 19:33:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.28 19:22:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.28 19:22:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.28 19:22:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.28 19:22:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.28 19:21:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.28 19:20:34 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\Fr Fee\Desktop\ComboFix.exe
[2013.03.28 06:58:50 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Leadertech
[2013.03.27 16:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.27 16:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.27 08:20:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Fr Fee\Desktop\aswMBR.exe
[2013.03.27 07:16:03 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Desktop\mbar
[2013.03.27 07:15:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fr Fee\Desktop\tdsskiller.exe
[2013.03.26 12:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.26 12:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.03.26 08:52:31 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Malwarebytes
[2013.03.26 08:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 08:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 08:52:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.26 08:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.26 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Local\Programs
[2013.03.26 08:51:43 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fr Fee\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.26 08:51:43 | 006,697,472 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fr Fee\Desktop\mbam-rules.exe
[2013.03.26 08:51:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fr Fee\Desktop\OTL.exe
[2013.03.26 07:51:21 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Avira
[2013.03.26 07:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.26 07:50:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.26 07:50:36 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.26 07:50:36 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.26 07:50:36 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.26 07:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.26 07:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.26 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.03.21 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Zov
[2013.03.21 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Adlo
[2013.03.21 14:51:55 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Desktop\Vorzeiger
[2013.03.20 12:51:14 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Documents\Vikariat
[2013.03.14 19:07:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.13 17:05:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 17:05:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 17:05:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 17:05:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 17:05:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 17:05:07 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 17:05:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 17:05:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.08 09:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.28 08:18:09 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 08:17:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 08:17:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 08:17:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 08:17:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 08:17:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 08:17:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 08:17:44 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 08:17:44 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 08:17:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 08:17:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 08:17:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 08:17:43 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 08:17:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 08:17:42 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 08:17:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 08:17:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 08:17:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 08:17:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 08:17:41 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 08:17:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 08:17:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 08:17:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 08:17:40 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 08:17:39 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.29 09:22:34 | 000,609,993 | ---- | M] () -- C:\Users\Fr Fee\Desktop\adwcleaner.exe
[2013.03.29 09:22:12 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Fr Fee\Desktop\JRT.exe
[2013.03.29 08:39:07 | 000,016,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 08:39:07 | 000,016,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 08:38:05 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.29 08:38:05 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.29 08:38:05 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.29 08:38:05 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.29 08:31:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.29 08:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 08:31:14 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.29 08:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 21:51:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cd64bc987ada46.job
[2013.03.28 20:21:26 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\Fr Fee\Desktop\ComboFix.exe
[2013.03.27 16:33:43 | 268,513,542 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.27 08:55:07 | 000,000,512 | ---- | M] () -- C:\Users\Fr Fee\Desktop\MBR.dat
[2013.03.27 08:14:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Fr Fee\Desktop\aswMBR.exe
[2013.03.27 08:13:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fr Fee\Desktop\tdsskiller.exe
[2013.03.27 08:13:58 | 000,004,096 | -H-- | M] () -- C:\Users\Fr Fee\Desktop\._tdsskiller.exe
[2013.03.27 08:13:28 | 000,004,096 | -H-- | M] () -- C:\Users\Fr Fee\Desktop\._aswMBR.exe
[2013.03.27 08:13:04 | 013,786,977 | ---- | M] () -- C:\Users\Fr Fee\Desktop\mbar-1.01.0.1021.zip
[2013.03.26 12:13:19 | 000,049,432 | ---- | M] () -- C:\Users\Fr Fee\Desktop\Desktop.zip
[2013.03.26 09:55:49 | 000,000,000 | ---- | M] () -- C:\Users\Fr Fee\defogger_reenable
[2013.03.26 09:43:50 | 000,377,856 | ---- | M] () -- C:\Users\Fr Fee\Desktop\gmer_2.1.19155.exe
[2013.03.26 09:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fr Fee\Desktop\OTL.exe
[2013.03.26 09:43:18 | 000,050,477 | ---- | M] () -- C:\Users\Fr Fee\Desktop\Defogger.exe
[2013.03.26 09:35:18 | 006,697,472 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fr Fee\Desktop\mbam-rules.exe
[2013.03.26 09:35:02 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fr Fee\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.26 08:52:20 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 07:50:49 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.16 18:36:25 | 000,037,545 | ---- | M] () -- C:\Users\Fr Fee\Desktop\the hat picture.jpg
[2013.03.13 21:23:01 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 21:23:01 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.08 19:32:16 | 000,017,258 | ---- | M] () -- C:\Users\Fr Fee\Desktop\jot.boy.jpg
[2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.27 12:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.27 12:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.29 08:22:08 | 000,609,993 | ---- | C] () -- C:\Users\Fr Fee\Desktop\adwcleaner.exe
[2013.03.28 19:22:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.28 19:22:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.28 19:22:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.28 19:22:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.28 19:22:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.27 16:33:43 | 268,513,542 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.27 08:55:07 | 000,000,512 | ---- | C] () -- C:\Users\Fr Fee\Desktop\MBR.dat
[2013.03.27 07:14:50 | 013,786,977 | ---- | C] () -- C:\Users\Fr Fee\Desktop\mbar-1.01.0.1021.zip
[2013.03.27 07:14:02 | 000,004,096 | -H-- | C] () -- C:\Users\Fr Fee\Desktop\._tdsskiller.exe
[2013.03.27 07:13:50 | 000,004,096 | -H-- | C] () -- C:\Users\Fr Fee\Desktop\._aswMBR.exe
[2013.03.26 12:13:19 | 000,049,432 | ---- | C] () -- C:\Users\Fr Fee\Desktop\Desktop.zip
[2013.03.26 09:55:49 | 000,000,000 | ---- | C] () -- C:\Users\Fr Fee\defogger_reenable
[2013.03.26 08:52:20 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.26 08:51:43 | 000,377,856 | ---- | C] () -- C:\Users\Fr Fee\Desktop\gmer_2.1.19155.exe
[2013.03.26 08:51:43 | 000,050,477 | ---- | C] () -- C:\Users\Fr Fee\Desktop\Defogger.exe
[2013.03.26 07:50:49 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.16 18:36:25 | 000,037,545 | ---- | C] () -- C:\Users\Fr Fee\Desktop\the hat picture.jpg
[2013.03.08 13:58:14 | 000,017,258 | ---- | C] () -- C:\Users\Fr Fee\Desktop\jot.boy.jpg
[2011.11.11 07:21:37 | 000,181,760 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2011.11.11 07:21:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bwplay.exe
[2011.11.11 07:21:37 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011.11.11 07:21:36 | 001,982,464 | ---- | C] () -- C:\Windows\System32\bwbits70.dll
[2011.11.11 07:21:36 | 000,116,736 | ---- | C] () -- C:\Windows\System32\patchw.dll
[2011.06.13 16:28:03 | 000,486,912 | ---- | C] (                                                            ) -- C:\Windows\System32\drivers\SPC530.sys
[2011.06.13 16:28:03 | 000,007,680 | ---- | C] (                                                            ) -- C:\Windows\System32\drivers\SPC530m.sys
[2011.05.08 11:34:02 | 000,155,136 | ---- | C] () -- C:\Windows\System32\BWBITS32.DLL
[2011.05.08 11:34:02 | 000,144,288 | ---- | C] () -- C:\Windows\System32\BWBITS16.DLL
[2011.05.08 11:34:02 | 000,020,992 | ---- | C] () -- C:\Windows\System32\BWNTSEND.DLL
[2011.05.08 11:34:02 | 000,016,896 | ---- | C] () -- C:\Windows\System32\BWNTHOOK.DLL
[2011.05.08 11:34:02 | 000,008,352 | ---- | C] () -- C:\Windows\System32\BWSEND.DLL
[2011.05.08 11:34:02 | 000,006,496 | ---- | C] () -- C:\Windows\System32\BWSETUP.DLL
[2011.05.08 11:34:02 | 000,004,288 | ---- | C] () -- C:\Windows\System32\BWKBHOOK.DLL
[2011.03.28 20:39:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
OTL Extras:

Code:
OTL Extras logfile created on: 29.03.2013 08:48:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fr Fee\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,64% Memory free
5,98 Gb Paging File | 5,05 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 35,02 Gb Free Space | 25,66% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,29% Space Free | Partition Type: NTFS
Drive F: | 977,04 Mb Total Space | 821,25 Mb Free Space | 84,05% Space Free | Partition Type: FAT32
 
Computer Name: FRFEE-PC | User Name: Fr Fee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026A61D3-10C4-494C-9A06-264024C2CFC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06ACD3C0-2437-4EA3-BD5E-FD0FFBD09875}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1164B614-7F31-4564-8422-CF402D7EDCF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{246616E7-1289-47EA-8E88-7235994895AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BCC5486-B8D1-4B14-B3BD-6F36FE92BE3A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3FE9DA33-CFBB-44BE-BD89-97C978C1C61C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{40169CE0-9093-4BA9-942C-AEB92958943A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5A0410B3-35A6-44E9-B7C1-EF08DABFD603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F1D8D0B-CB86-41E7-AE23-1FDDB7E70538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BA30A59-DE32-42A5-9B0F-67FCAA236C85}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C50B7B3-AB59-4339-BF57-E2C8BC0AE15A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{877E1642-E9B3-4013-8E25-669938E92D89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C888988-DDFB-44BC-BA34-0EDFEC488217}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8E87BAE0-96F0-4F21-8916-62B86004F59A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AC195BB3-382C-4CC1-94CC-21B0AD29D9CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA1EB03D-F549-425D-B98D-833E0CFBADE5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E899F091-C10C-42A1-AA0F-81624D39297F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB02C9E4-8758-4E66-8EB9-8E12AAB73C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED0ADF28-8808-40B3-A6B8-34FA6F35496B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1A3C1AE-CE4D-476C-8554-7D8C958AA2F6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4BB00AC-780B-45E2-A3F9-7437BF09E010}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033ED9B5-DFC6-49DF-928A-A41391D6F39D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{06D31A64-C23B-4FA9-BB53-C8AE8A0BF2D1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0B31C8F6-6E28-4C1E-8BFC-55E1B8307DBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10263D70-9450-4C5B-AF9C-818F4F59736F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10E30043-DD69-4A64-8F45-8B7236936D31}" = protocol=6 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe | 
"{16C7DE37-3519-49D1-B502-11288A74C043}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21D73F38-80BE-4B14-AB6B-AC8778943C1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2C0D28B9-8BCA-40A8-83F7-7EDAC39DA5AD}" = protocol=6 | dir=out | app=system | 
"{300C0FC1-3642-492F-BCCD-678EB12650E0}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{42AD624C-73BE-4CBF-B2C5-44B3E745E113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47C22302-C37F-4927-9293-A52F07233C90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{48554F34-AFAF-4B69-80C9-410418A784C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{561B3A7F-E5C7-4021-93FA-57218BF25FA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69EBB9A0-50EC-455A-8552-DE1A5612B736}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98A7EC8F-139E-4DF8-8B22-2B66A9522B97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7D5B0E1-ABA4-47C4-A395-5E9E3BDC90B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD88400A-E96C-4A48-9ACC-AD9C08A15845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE4D1B8E-50A0-416F-8D87-E3448CFC99F2}" = protocol=17 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C2B49CBA-D409-40E3-8353-97A844EF869B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D34E5259-D1C4-4D5A-AB56-A89912EA9344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7F38171-4654-40DA-9573-B65005235CC1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{E87E4F3C-9E85-4443-B670-42AEA73FA48B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{F139ED8C-3001-410B-8C14-D39398237142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{678AFF0E-0184-41DF-833C-EDD4F4A3FD40}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BBC044CF-2380-48B3-AC50-90718D06EB9D}C:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{5B1A1542-326F-4925-9CCE-F9BCCEF3CAA0}C:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C6F5FCB1-BC1E-4BD7-B0EE-DD2405575830}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{942E0955-C67C-474C-8D4E-63C23E93C13A}" = BibleWorks 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"BibleWorksDeinstKey" = BibleWorks
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Samsung Printer Live Update" = Samsung Printer Live Update
"TVWiz" = Intel(R) TV Wizard
"WinRAR archiver" = WinRAR 4.10 Beta 3 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 19.04.2012 03:59:21 | Computer Name = FrFee-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6415
 seconds with 4380 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         
Thanks!
Regards,
John
