| |
| |||||||
Log-Analyse und Auswertung: Internet Explorer öffnet sich von selbst und spammt WerbungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.04.2013, 23:15
| #1 |
 |  Internet Explorer öffnet sich von selbst und spammt Werbung Hallo liebe Forengemeinde, erst einmal toll, dass es Leute wie euch gibt, die so bereitwillig helfen, dickes Lob! Mein Problem ist folgendes: Mein Internet Explorer hat sich vor etwa 2 Stunden mehrfach von selbst geöffnet und mir Werbung gespammt. Ich vermute mal, dass ich mir irgendwo eine Malware eingefangen habe. Mein Avira-Antivir hat keine Viren oder Malware gefunden, deshalb bitte ich euch um Hilfe. Habe die Schritte in der Anleitung befolgt und poste nun die Logs: Code:
ATTFilter OTL logfile created on: 12.04.2013 23:42:04 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 73,19% Memory free 8,00 Gb Paging File | 6,71 Gb Available in Paging File | 83,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 22,83 Gb Free Space | 38,97% Space Free | Partition Type: NTFS Drive D: | 106,85 Gb Total Space | 78,62 Gb Free Space | 73,58% Space Free | Partition Type: NTFS Drive E: | 144,13 Gb Total Space | 98,96 Gb Free Space | 68,66% Space Free | Partition Type: NTFS Drive F: | 22,46 Gb Total Space | 21,99 Gb Free Space | 97,90% Space Free | Partition Type: NTFS Drive G: | 133,63 Gb Total Space | 96,31 Gb Free Space | 72,08% Space Free | Partition Type: NTFS Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 22:46:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe PRC - [2013.03.29 14:46:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.29 14:45:38 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.29 14:45:38 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Avira\AntiVir Desktop\avguard.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.29 14:46:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.29 14:45:38 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.16 19:44:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.29 14:46:06 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.29 14:46:06 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.29 14:46:06 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A F1 F9 BE 30 27 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Firefox\components [2013.04.12 11:39:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Firefox\plugins [2013.02.22 20:07:00 | 000,000,000 | ---D | M] [2013.02.23 05:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2013.02.23 15:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\i0x42wj2.default\extensions [2013.02.23 15:00:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\i0x42wj2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] E:\ATI Radeon HD6850 Drivers\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] E:\WinAmp\winampa.exe (Nullsoft, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4533827-722D-47DB-8C0F-7647F7959C13}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.03.14 10:50:14 | 000,002,498 | ---- | M] () - E:\autofill.conf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 22:46:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2013.04.11 15:13:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Audacity [2013.04.11 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\.minecraft [2013.04.11 12:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader [2013.04.11 12:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader [2013.04.06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Welt 1 [2013.04.06 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\shader [2013.03.29 14:46:19 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 14:46:19 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.29 14:46:19 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 23:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 23:30:33 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 23:30:33 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.12 23:27:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.12 23:27:38 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.12 23:27:38 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.12 23:27:38 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.12 23:27:38 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.12 23:23:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.12 23:23:16 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 22:56:12 | 000,377,856 | ---- | M] () -- C:\Users\Christoph\Desktop\gmer_2.1.19163.exe [2013.04.12 22:46:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2013.04.12 22:45:12 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable [2013.04.12 22:43:38 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.04.12 20:37:13 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.11 15:13:36 | 000,000,701 | ---- | M] () -- C:\Users\Christoph\Desktop\Audacity.lnk [2013.04.11 15:09:58 | 000,000,600 | ---- | M] () -- C:\Users\Christoph\Desktop\mp3DirectCut.lnk [2013.04.11 14:38:21 | 000,342,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 12:18:48 | 000,000,812 | ---- | M] () -- C:\Users\Christoph\Desktop\SUPER - Verknüpfung.lnk [2013.04.11 12:06:34 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.29 14:46:06 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.29 14:46:06 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.29 14:46:06 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.12 22:56:11 | 000,377,856 | ---- | C] () -- C:\Users\Christoph\Desktop\gmer_2.1.19163.exe [2013.04.12 22:45:12 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable [2013.04.12 22:43:34 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.04.11 15:13:36 | 000,000,701 | ---- | C] () -- C:\Users\Christoph\Desktop\Audacity.lnk [2013.04.11 15:13:36 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.04.11 15:09:58 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\Desktop\mp3DirectCut.lnk [2013.04.11 12:18:48 | 000,000,812 | ---- | C] () -- C:\Users\Christoph\Desktop\SUPER - Verknüpfung.lnk [2013.04.11 12:05:41 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.03.09 17:53:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.02.23 13:47:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.12 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\.minecraft [2013.04.11 17:28:39 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Audacity [2013.03.09 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canneverbe Limited [2013.04.12 19:41:13 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ [2013.02.23 16:59:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Origin [2013.02.23 12:01:33 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\texstudio ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.04.2013 22:49:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,29% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 21,44 Gb Free Space | 36,59% Space Free | Partition Type: NTFS
Drive D: | 106,85 Gb Total Space | 78,62 Gb Free Space | 73,58% Space Free | Partition Type: NTFS
Drive E: | 144,13 Gb Total Space | 98,96 Gb Free Space | 68,66% Space Free | Partition Type: NTFS
Drive F: | 22,46 Gb Total Space | 21,99 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
Drive G: | 133,63 Gb Total Space | 97,70 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\WinAmp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\WinAmp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\WinAmp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\WinAmp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{191A164F-AACA-434E-ACA3-15BDC1259FE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{315851C9-A902-4C32-81C5-52CBF0915413}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39D8250A-8C9D-4617-84E1-0EB3B1BCE99A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FF99080-9A64-4E86-9C3D-57BB7944456E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4114C454-72F4-4188-A8AB-9B00B5079083}" = lport=137 | protocol=17 | dir=in | app=system |
"{534C0862-B534-4FA8-B743-349F4E097198}" = lport=139 | protocol=6 | dir=in | app=system |
"{670BC13C-658B-4212-98AD-37134ACFC0A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74980768-9BEC-494F-A76D-81FBC9D09B00}" = lport=10243 | protocol=6 | dir=in | app=system |
"{75F7AC39-826E-49C9-B7E3-0FAC751033A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C75E201-06E0-415B-B92B-97B1C9BD576B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{866E7243-B54E-4D60-9CE4-A27356E595A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{AA7266FD-75EC-485D-B4DD-B3F6D60646BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF602830-16B5-4CC1-AE0A-AD27F148EE84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D278B00A-14DB-40FF-918C-12213FD293AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E347FDF9-CA4B-4832-A540-6749F7EEC0B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7D49C43-F84E-419B-9E86-7499EC5D424B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC8F975C-B3E0-4051-A6BD-2B9B66998B6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFF1E49E-9F35-443E-A9D2-B661C29ECDCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5DC62BE-22C1-4764-B1EB-7C988E6F97E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F86C54E5-1E5B-4D06-B45D-94CD9404F85B}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEDCBD2E-93DC-460C-82A5-1E8574AA0056}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036021A7-2DDA-4592-8717-0927CB92FF5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0C8960C1-E03F-46F4-A82A-26D09A57E339}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1B607BA8-8AF6-470A-8492-5C97D5D5495B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{3723373F-981E-4F21-9667-ECA111E6843B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{571EF207-7F26-4EBD-9888-CA8F7E2209DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5737F885-41F0-4D4F-9435-7D9A4A5EF603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2066A9-B6CD-4F09-BB2D-F0A74D57CEE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FE1DA88-3F44-4E62-BE6A-98584923F7BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C7BB903-9EDE-4BA3-9171-D3396E92E484}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{889FF016-A33E-490C-86A4-2D29B68476B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B037CE2-B74A-4878-AB6C-103C6A100932}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A74393D2-F028-4142-A42C-DC97F5BF4512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A872BD4C-2CFF-4669-AB13-2F03598BF73E}" = protocol=6 | dir=out | app=system |
"{AF3381E9-9460-4090-95DD-A0D1122FB999}" = protocol=17 | dir=in | app=e:\office\office14\onenote.exe |
"{B4DA8A0E-ADDD-4F79-A89C-70E5E843CD1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B837435B-CFE9-4649-8233-CF6F11358160}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7794020-FAAB-4D66-9142-9852F3436558}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB7A232B-D9C2-44C7-9C36-76A251ED8839}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E4ECAB38-E19D-4C16-BF09-01AED4409BED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB386B16-F2EC-4AFE-8A21-E1EEC229F50B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F121D9D3-0EB8-46B9-B621-7FBC9055B8EC}" = protocol=6 | dir=in | app=e:\office\office14\onenote.exe |
"{F796D32E-F998-4895-8131-7E06152350DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F985F56E-7291-4BDA-AA9E-6D0099B2B347}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{27FD348C-5233-46C0-98B9-96B5F007CF5A}E:\java\bin\javaw.exe" = protocol=6 | dir=in | app=e:\java\bin\javaw.exe |
"TCP Query User{54311DD2-56C2-4002-9D96-5DF9F8EADC82}E:\icq\icq7.5\icq.exe" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe |
"TCP Query User{6D250151-187A-47B7-A4A6-0FD686C0CD07}E:\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\winamp\winamp.exe |
"UDP Query User{0E6CED3B-A7E0-46CA-8061-AA146B0CFE77}E:\java\bin\javaw.exe" = protocol=17 | dir=in | app=e:\java\bin\javaw.exe |
"UDP Query User{B7E0C262-8203-487B-BFCA-84D754369ED6}E:\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\winamp\winamp.exe |
"UDP Query User{B95488AB-8D0B-4D07-93F0-7C7A319FFC76}E:\icq\icq7.5\icq.exe" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.03.2013 11:31:14 | Computer Name = Christoph-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Christoph\Downloads\SoftonicDownloader_fuer_nosgba.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 11.03.2013 11:35:19 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.3.3234 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b64 Startzeit:
01ce1e6de66f9f27 Endzeit: 10 Anwendungspfad: E:\WinAmp\winamp.exe Berichts-ID: 41b96996-8a61-11e2-8bd9-6c626dc1bfbb
Error - 30.03.2013 09:13:12 | Computer Name = Christoph-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Christoph\Downloads\SoftonicDownloader_fuer_nosgba.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 06.04.2013 09:41:06 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13e4 Startzeit:
01ce32cc524b761b Endzeit: 7 Anwendungspfad: E:\Java\bin\javaw.exe Berichts-ID: 9df6d985-9ebf-11e2-b901-6c626dc1bfbb
Error - 06.04.2013 09:42:20 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 131c Startzeit:
01ce32cc808444e9 Endzeit: 11 Anwendungspfad: E:\Java\bin\javaw.exe Berichts-ID: cae260d5-9ebf-11e2-b901-6c626dc1bfbb
Error - 06.04.2013 09:44:01 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1254 Startzeit:
01ce32cc9286be4d Endzeit: 8 Anwendungspfad: E:\Java\bin\javaw.exe Berichts-ID: 06a73dcd-9ec0-11e2-b901-6c626dc1bfbb
Error - 06.04.2013 09:58:10 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 314 Startzeit:
01ce32ceaf606d9f Endzeit: 10 Anwendungspfad: E:\Java\bin\javaw.exe Berichts-ID: 0091adff-9ec2-11e2-b901-6c626dc1bfbb
Error - 06.04.2013 10:14:01 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a20 Startzeit:
01ce32d0e058230e Endzeit: 9 Anwendungspfad: E:\Java\bin\javaw.exe Berichts-ID: 381c892a-9ec4-11e2-b901-6c626dc1bfbb
Error - 11.04.2013 06:03:23 | Computer Name = Christoph-PC | Source = Application Error | ID = 1000
Error - 11.04.2013 06:17:33 | Computer Name = Christoph-PC | Source = Application
Hang | ID = 1002
Description = Programm ytd.exe, Version 4.0.0.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 86c
Startzeit: 01ce369c40312bc0
Endzeit: 5
Anwendungspfad: E:\Youtube Downloader\YTD Video Downloader\ytd.exe
Berichts-ID: 0029835c-a291-11e2-b0c1-6c626dc1bfbb
Error - 11.04.2013 08:40:32 | Computer Name = Christoph-PC | Source = Application
Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.170.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a80
Startzeit: 01ce36b1879bece4
Endzeit: 33
Anwendungspfad: E:\Java\bin\javaw.exe
Berichts-ID:
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-13 00:03:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500413AS rev.JC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgtiruod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002df1000 45 bytes [00, 00, 15, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002df102f 17 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- EOF - GMER 2.1 ----
Über Antworten würde ich mich sehr freuen! Viele Grüße, Chris |
|
18.04.2013, 14:01
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Internet Explorer öffnet sich von selbst und spammt Werbung Hallo und
__________________ Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
20.04.2013, 12:03
| #3 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Hallo cosinus,
__________________danke für deine Hilfe und sorry, dass ich erst jetzt antworte. Die Professional-Version habe ich deshalb, weil ich sie über die Uni per MSDNAA bekommen habe. Was ich vorhin vergessen hatte: Am 13.04.2013 ist das passiert, dass sich der Internet Explorer von alleine geöffnet hat. Ich nutze ausschließlich Firefox, aber der greift ja auch auf den Internetexplorer zurück, soweit ich weiss. Habe gleich darauf einen Virenscan gemacht. Avira (allerdings nur die Freeversion!) hat aber nichts gefunden und es ist seitdem auch nicht wieder passiert, dass sich der Internet Explorer von alleine geöffnet hat. Hier der Avira-Log vom 13.04.2013: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 13. April 2013 18:43
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRISTOPH-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 29.03.2013 12:45:40
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.902 67808 Bytes 29.03.2013 12:46:01
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 19:30:32
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 19:30:32
avlode.dll : 13.6.2.940 434912 Bytes 29.03.2013 12:45:39
avlode.rdf : 13.0.0.46 15591 Bytes 29.03.2013 12:46:07
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 12:52:19
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 12:52:19
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 12:52:19
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 12:52:19
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 12:52:20
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 12:52:20
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 12:52:20
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 12:52:20
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 12:52:20
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 12:52:20
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 12:52:20
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 12:52:21
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 12:52:21
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 12:52:21
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 13:05:43
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 15:29:50
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 09:56:24
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 09:56:25
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 09:56:25
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 14:35:36
VBASE020.VDF : 7.11.72.18 2048 Bytes 12.04.2013 14:35:36
VBASE021.VDF : 7.11.72.19 2048 Bytes 12.04.2013 14:35:36
VBASE022.VDF : 7.11.72.20 2048 Bytes 12.04.2013 14:35:37
VBASE023.VDF : 7.11.72.21 2048 Bytes 12.04.2013 14:35:37
VBASE024.VDF : 7.11.72.22 2048 Bytes 12.04.2013 14:35:37
VBASE025.VDF : 7.11.72.23 2048 Bytes 12.04.2013 14:35:37
VBASE026.VDF : 7.11.72.24 2048 Bytes 12.04.2013 14:35:37
VBASE027.VDF : 7.11.72.25 2048 Bytes 12.04.2013 14:35:37
VBASE028.VDF : 7.11.72.26 2048 Bytes 12.04.2013 14:35:37
VBASE029.VDF : 7.11.72.27 2048 Bytes 12.04.2013 14:35:37
VBASE030.VDF : 7.11.72.28 2048 Bytes 12.04.2013 14:35:37
VBASE031.VDF : 7.11.72.92 151040 Bytes 13.04.2013 15:41:02
Engineversion : 8.2.12.26
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 12.04.2013 02:35:43
AESCN.DLL : 8.1.10.4 131446 Bytes 29.03.2013 12:45:34
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 13:52:39
AEPACK.DLL : 8.3.2.6 827767 Bytes 29.03.2013 12:45:34
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 13:14:36
AEHEUR.DLL : 8.1.4.286 5845369 Bytes 12.04.2013 02:35:42
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.7.2 442741 Bytes 29.03.2013 12:45:30
AEEXP.DLL : 8.4.0.18 192886 Bytes 12.04.2013 02:35:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 23.02.2013 09:26:21
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 17.12.2012 09:45:53
AVPREF.DLL : 13.6.0.480 51056 Bytes 17.12.2012 09:44:10
AVREP.DLL : 13.6.0.480 178544 Bytes 17.12.2012 09:44:38
AVARKT.DLL : 13.6.0.902 260832 Bytes 29.03.2013 12:45:35
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 29.03.2013 12:45:37
SQLITE3.DLL : 3.7.0.1 397704 Bytes 18.12.2012 08:31:21
AVSMTP.DLL : 13.6.0.480 62832 Bytes 17.12.2012 09:45:13
NETNT.DLL : 13.6.0.480 16240 Bytes 17.12.2012 09:53:50
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.976 69344 Bytes 29.03.2013 12:45:24
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Schnelle Systemprüfung
Konfigurationsdatei...................: E:\Avira\AntiVir Desktop\quicksysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Samstag, 13. April 2013 18:43
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '209' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1548' Dateien ).
Ende des Suchlaufs: Samstag, 13. April 2013 18:44
Benötigte Zeit: 00:10 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
2353 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2353 Dateien ohne Befall
10 Archive wurden durchsucht
0 Warnungen
0 Hinweise
 chris0806 |
|
20.04.2013, 17:44
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich von selbst und spammt Werbung Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2013, 15:13
| #5 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Hallo cosinus, erst einmal entschuldigung, dass ich mich erst jetzt melde, leider war es mir unter der Woche nicht möglich. Ich bitte Dich/euch daher, mir trotzdem weiter zu helfen, werde jetzt wirklich dran bleiben. Hier die Logfiles: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.27.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: CHRISTOPH-PC [administrator]
27.04.2013 15:44:03
mbar-log-2013-04-27 (15-44-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28141
Time elapsed: 6 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-27 16:00:57
-----------------------------
16:00:57.393 OS Version: Windows x64 6.1.7601 Service Pack 1
16:00:57.393 Number of processors: 4 586 0x403
16:00:57.393 ComputerName: CHRISTOPH-PC UserName: Christoph
16:01:01.091 Initialize success
16:01:13.181 AVAST engine defs: 13042700
16:01:20.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:01:20.840 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
16:01:20.949 Disk 0 MBR read successfully
16:01:20.965 Disk 0 MBR scan
16:01:20.965 Disk 0 Windows 7 default MBR code
16:01:20.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:01:21.012 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 59999 MB offset 206848
16:01:21.027 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 136838 MB offset 123084800
16:01:21.027 Disk 0 Partition - 00 0F Extended LBA 280001 MB offset 403329024
16:01:21.059 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109413 MB offset 403331072
16:01:21.059 Disk 0 Partition - 00 05 Extended 147588 MB offset 627408896
16:01:21.105 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 147587 MB offset 627410944
16:01:21.121 Disk 0 Partition - 00 05 Extended 22999 MB offset 1153748992
16:01:21.152 Disk 0 Partition 6 00 07 HPFS/NTFS NTFS 22998 MB offset 929671168
16:01:21.308 Disk 0 scanning C:\Windows\system32\drivers
16:01:33.367 Service scanning
16:01:51.292 Modules scanning
16:01:51.292 Disk 0 trace - called modules:
16:01:51.338 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:01:51.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a40060]
16:01:51.354 3 CLASSPNP.SYS[fffff880018f043f] -> nt!IofCallDriver -> [0xfffffa8003ac5d10]
16:01:51.370 5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ae2060]
16:01:51.385 Scan finished successfully
16:02:39.823 Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat"
16:02:39.823 The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt"
Code:
ATTFilter 16:04:59.0106 2884 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:05:00.0073 2884 ============================================================
16:05:00.0073 2884 Current date / time: 2013/04/27 16:05:00.0073
16:05:00.0073 2884 SystemInfo:
16:05:00.0073 2884
16:05:00.0073 2884 OS Version: 6.1.7601 ServicePack: 1.0
16:05:00.0073 2884 Product type: Workstation
16:05:00.0073 2884 ComputerName: CHRISTOPH-PC
16:05:00.0073 2884 UserName: Christoph
16:05:00.0073 2884 Windows directory: C:\Windows
16:05:00.0073 2884 System windows directory: C:\Windows
16:05:00.0073 2884 Running under WOW64
16:05:00.0073 2884 Processor architecture: Intel x64
16:05:00.0073 2884 Number of processors: 4
16:05:00.0073 2884 Page size: 0x1000
16:05:00.0073 2884 Boot type: Normal boot
16:05:00.0073 2884 ============================================================
16:05:00.0806 2884 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:05:00.0822 2884 ============================================================
16:05:00.0822 2884 \Device\Harddisk0\DR0:
16:05:00.0822 2884 MBR partitions:
16:05:00.0822 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:05:00.0822 2884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x752F800
16:05:00.0822 2884 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7562000, BlocksNum 0x10B43000
16:05:00.0837 2884 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x180A5800, BlocksNum 0xD5B2800
16:05:00.0853 2884 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x25658800, BlocksNum 0x12041800
16:05:00.0869 2884 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x3769A800, BlocksNum 0x2CEB000
16:05:00.0869 2884 ============================================================
16:05:00.0900 2884 C: <-> \Device\Harddisk0\DR0\Partition2
16:05:00.0947 2884 D: <-> \Device\Harddisk0\DR0\Partition4
16:05:00.0978 2884 E: <-> \Device\Harddisk0\DR0\Partition5
16:05:01.0009 2884 F: <-> \Device\Harddisk0\DR0\Partition6
16:05:01.0149 2884 G: <-> \Device\Harddisk0\DR0\Partition3
16:05:01.0149 2884 ============================================================
16:05:01.0149 2884 Initialize success
16:05:01.0149 2884 ============================================================
16:06:01.0848 1032 ============================================================
16:06:01.0848 1032 Scan started
16:06:01.0848 1032 Mode: Manual; SigCheck; TDLFS;
16:06:01.0848 1032 ============================================================
16:06:02.0410 1032 ================ Scan system memory ========================
16:06:02.0410 1032 System memory - ok
16:06:02.0425 1032 ================ Scan services =============================
16:06:02.0566 1032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:06:02.0675 1032 1394ohci - ok
16:06:02.0690 1032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:06:02.0706 1032 ACPI - ok
16:06:02.0722 1032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:06:02.0753 1032 AcpiPmi - ok
16:06:02.0831 1032 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:02.0862 1032 AdobeFlashPlayerUpdateSvc - ok
16:06:02.0909 1032 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:06:02.0924 1032 adp94xx - ok
16:06:02.0940 1032 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:06:02.0956 1032 adpahci - ok
16:06:02.0956 1032 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:06:02.0971 1032 adpu320 - ok
16:06:02.0987 1032 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:06:03.0018 1032 AeLookupSvc - ok
16:06:03.0065 1032 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:06:03.0112 1032 AFD - ok
16:06:03.0143 1032 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:06:03.0158 1032 agp440 - ok
16:06:03.0158 1032 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:06:03.0190 1032 ALG - ok
16:06:03.0205 1032 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:06:03.0221 1032 aliide - ok
16:06:03.0236 1032 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:06:03.0299 1032 AMD External Events Utility - ok
16:06:03.0314 1032 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:06:03.0330 1032 amdide - ok
16:06:03.0346 1032 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:06:03.0361 1032 AmdK8 - ok
16:06:03.0548 1032 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:06:03.0798 1032 amdkmdag - ok
16:06:03.0829 1032 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:06:03.0860 1032 amdkmdap - ok
16:06:03.0876 1032 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:06:03.0892 1032 AmdPPM - ok
16:06:03.0938 1032 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:06:03.0970 1032 amdsata - ok
16:06:03.0985 1032 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:06:04.0001 1032 amdsbs - ok
16:06:04.0016 1032 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:06:04.0016 1032 amdxata - ok
16:06:04.0094 1032 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService E:\Avira\AntiVir Desktop\sched.exe
16:06:04.0126 1032 AntiVirSchedulerService - ok
16:06:04.0141 1032 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService E:\Avira\AntiVir Desktop\avguard.exe
16:06:04.0157 1032 AntiVirService - ok
16:06:04.0204 1032 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:06:04.0250 1032 AppID - ok
16:06:04.0282 1032 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:06:04.0344 1032 AppIDSvc - ok
16:06:04.0360 1032 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:06:04.0406 1032 Appinfo - ok
16:06:04.0453 1032 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:06:04.0500 1032 AppMgmt - ok
16:06:04.0531 1032 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:06:04.0531 1032 arc - ok
16:06:04.0547 1032 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:06:04.0562 1032 arcsas - ok
16:06:04.0578 1032 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:06:04.0625 1032 AsyncMac - ok
16:06:04.0640 1032 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:06:04.0640 1032 atapi - ok
16:06:04.0672 1032 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:06:04.0687 1032 AtiHDAudioService - ok
16:06:04.0734 1032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:06:04.0796 1032 AudioEndpointBuilder - ok
16:06:04.0812 1032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:06:04.0843 1032 AudioSrv - ok
16:06:04.0874 1032 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:06:05.0171 1032 avgntflt - ok
16:06:05.0171 1032 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:06:05.0186 1032 avipbb - ok
16:06:05.0202 1032 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:06:05.0218 1032 avkmgr - ok
16:06:05.0233 1032 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:06:05.0311 1032 AxInstSV - ok
16:06:05.0342 1032 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:06:05.0389 1032 b06bdrv - ok
16:06:05.0405 1032 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:06:05.0420 1032 b57nd60a - ok
16:06:05.0452 1032 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:06:05.0467 1032 BDESVC - ok
16:06:05.0483 1032 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:06:05.0545 1032 Beep - ok
16:06:05.0576 1032 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:06:05.0608 1032 BFE - ok
16:06:05.0639 1032 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:06:05.0732 1032 BITS - ok
16:06:05.0732 1032 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:06:05.0764 1032 blbdrive - ok
16:06:05.0779 1032 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:06:05.0810 1032 bowser - ok
16:06:05.0842 1032 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:06:05.0873 1032 BrFiltLo - ok
16:06:05.0888 1032 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:06:05.0904 1032 BrFiltUp - ok
16:06:05.0935 1032 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:06:05.0966 1032 Browser - ok
16:06:05.0982 1032 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:06:06.0013 1032 Brserid - ok
16:06:06.0013 1032 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:06:06.0044 1032 BrSerWdm - ok
16:06:06.0060 1032 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:06:06.0091 1032 BrUsbMdm - ok
16:06:06.0107 1032 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:06:06.0138 1032 BrUsbSer - ok
16:06:06.0154 1032 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:06:06.0169 1032 BTHMODEM - ok
16:06:06.0216 1032 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:06:06.0294 1032 bthserv - ok
16:06:06.0310 1032 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:06:06.0341 1032 cdfs - ok
16:06:06.0372 1032 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
16:06:06.0419 1032 cdrom - ok
16:06:06.0481 1032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:06:06.0559 1032 CertPropSvc - ok
16:06:06.0590 1032 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:06:06.0622 1032 circlass - ok
16:06:06.0653 1032 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:06:06.0668 1032 CLFS - ok
16:06:06.0715 1032 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:06:06.0715 1032 clr_optimization_v2.0.50727_32 - ok
16:06:06.0746 1032 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:06:06.0762 1032 clr_optimization_v2.0.50727_64 - ok
16:06:06.0809 1032 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:06:06.0840 1032 clr_optimization_v4.0.30319_32 - ok
16:06:06.0871 1032 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:06:06.0887 1032 clr_optimization_v4.0.30319_64 - ok
16:06:06.0902 1032 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:06:06.0918 1032 CmBatt - ok
16:06:06.0949 1032 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:06:06.0965 1032 cmdide - ok
16:06:06.0996 1032 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:06:07.0058 1032 CNG - ok
16:06:07.0090 1032 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:06:07.0090 1032 Compbatt - ok
16:06:07.0121 1032 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:06:07.0152 1032 CompositeBus - ok
16:06:07.0168 1032 COMSysApp - ok
16:06:07.0183 1032 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:06:07.0183 1032 crcdisk - ok
16:06:07.0214 1032 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:06:07.0246 1032 CryptSvc - ok
16:06:07.0277 1032 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:06:07.0308 1032 CSC - ok
16:06:07.0339 1032 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:06:07.0370 1032 CscService - ok
16:06:07.0386 1032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:06:07.0417 1032 DcomLaunch - ok
16:06:07.0464 1032 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:06:07.0495 1032 defragsvc - ok
16:06:07.0511 1032 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:06:07.0542 1032 DfsC - ok
16:06:07.0573 1032 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:06:07.0589 1032 Dhcp - ok
16:06:07.0620 1032 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:06:07.0636 1032 discache - ok
16:06:07.0651 1032 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:06:07.0667 1032 Disk - ok
16:06:07.0682 1032 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:06:07.0714 1032 Dnscache - ok
16:06:07.0745 1032 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:06:07.0807 1032 dot3svc - ok
16:06:07.0823 1032 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:06:07.0854 1032 DPS - ok
16:06:07.0885 1032 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:06:07.0916 1032 drmkaud - ok
16:06:07.0963 1032 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:06:08.0010 1032 DXGKrnl - ok
16:06:08.0026 1032 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:06:08.0057 1032 EapHost - ok
16:06:08.0119 1032 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:06:08.0228 1032 ebdrv - ok
16:06:08.0244 1032 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:06:08.0275 1032 EFS - ok
16:06:08.0322 1032 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:06:08.0369 1032 ehRecvr - ok
16:06:08.0384 1032 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:06:08.0400 1032 ehSched - ok
16:06:08.0431 1032 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:06:08.0447 1032 elxstor - ok
16:06:08.0462 1032 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:06:08.0478 1032 ErrDev - ok
16:06:08.0494 1032 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:06:08.0540 1032 EventSystem - ok
16:06:08.0556 1032 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:06:08.0587 1032 exfat - ok
16:06:08.0587 1032 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:06:08.0618 1032 fastfat - ok
16:06:08.0665 1032 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:06:08.0681 1032 Fax - ok
16:06:08.0712 1032 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:06:08.0728 1032 fdc - ok
16:06:08.0759 1032 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:06:08.0790 1032 fdPHost - ok
16:06:08.0790 1032 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:06:08.0821 1032 FDResPub - ok
16:06:08.0837 1032 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:06:08.0837 1032 FileInfo - ok
16:06:08.0852 1032 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:06:08.0884 1032 Filetrace - ok
16:06:08.0899 1032 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:06:08.0899 1032 flpydisk - ok
16:06:08.0930 1032 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:06:08.0930 1032 FltMgr - ok
16:06:08.0962 1032 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
16:06:08.0993 1032 FontCache - ok
16:06:09.0024 1032 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:06:09.0040 1032 FontCache3.0.0.0 - ok
16:06:09.0055 1032 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:06:09.0055 1032 FsDepends - ok
16:06:09.0086 1032 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:06:09.0086 1032 Fs_Rec - ok
16:06:09.0118 1032 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:06:09.0133 1032 fvevol - ok
16:06:09.0149 1032 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:06:09.0149 1032 gagp30kx - ok
16:06:09.0180 1032 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:06:09.0227 1032 gpsvc - ok
16:06:09.0227 1032 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:06:09.0258 1032 hcw85cir - ok
16:06:09.0289 1032 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:06:09.0305 1032 HdAudAddService - ok
16:06:09.0336 1032 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:06:09.0352 1032 HDAudBus - ok
16:06:09.0367 1032 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:06:09.0383 1032 HidBatt - ok
16:06:09.0398 1032 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:06:09.0414 1032 HidBth - ok
16:06:09.0430 1032 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:06:09.0445 1032 HidIr - ok
16:06:09.0461 1032 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:06:09.0492 1032 hidserv - ok
16:06:09.0539 1032 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:06:09.0539 1032 HidUsb - ok
16:06:09.0570 1032 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:06:09.0632 1032 hkmsvc - ok
16:06:09.0648 1032 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:06:09.0679 1032 HomeGroupListener - ok
16:06:09.0710 1032 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:06:09.0742 1032 HomeGroupProvider - ok
16:06:09.0773 1032 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:06:09.0788 1032 HpSAMD - ok
16:06:09.0820 1032 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:06:09.0866 1032 HTTP - ok
16:06:09.0898 1032 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:06:09.0913 1032 hwpolicy - ok
16:06:09.0960 1032 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:06:09.0991 1032 i8042prt - ok
16:06:10.0007 1032 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:06:10.0022 1032 iaStorV - ok
16:06:10.0054 1032 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:06:10.0085 1032 idsvc - ok
16:06:10.0100 1032 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:06:10.0100 1032 iirsp - ok
16:06:10.0132 1032 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:06:10.0178 1032 IKEEXT - ok
16:06:10.0194 1032 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:06:10.0210 1032 intelide - ok
16:06:10.0225 1032 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:06:10.0225 1032 intelppm - ok
16:06:10.0256 1032 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:06:10.0319 1032 IPBusEnum - ok
16:06:10.0334 1032 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:06:10.0381 1032 IpFilterDriver - ok
16:06:10.0412 1032 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:06:10.0428 1032 iphlpsvc - ok
16:06:10.0459 1032 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:06:10.0475 1032 IPMIDRV - ok
16:06:10.0490 1032 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:06:10.0522 1032 IPNAT - ok
16:06:10.0537 1032 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:06:10.0568 1032 IRENUM - ok
16:06:10.0568 1032 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:06:10.0584 1032 isapnp - ok
16:06:10.0600 1032 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:06:10.0600 1032 iScsiPrt - ok
16:06:10.0615 1032 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:06:10.0615 1032 kbdclass - ok
16:06:10.0646 1032 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:06:10.0693 1032 kbdhid - ok
16:06:10.0709 1032 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:06:10.0724 1032 KeyIso - ok
16:06:10.0740 1032 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:06:10.0756 1032 KSecDD - ok
16:06:10.0787 1032 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:06:10.0802 1032 KSecPkg - ok
16:06:10.0818 1032 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:06:10.0865 1032 ksthunk - ok
16:06:10.0880 1032 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:06:10.0912 1032 KtmRm - ok
16:06:10.0943 1032 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:06:10.0974 1032 LanmanServer - ok
16:06:10.0990 1032 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:06:11.0021 1032 LanmanWorkstation - ok
16:06:11.0052 1032 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:06:11.0083 1032 lltdio - ok
16:06:11.0114 1032 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:06:11.0161 1032 lltdsvc - ok
16:06:11.0177 1032 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:06:11.0192 1032 lmhosts - ok
16:06:11.0224 1032 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:06:11.0224 1032 LSI_FC - ok
16:06:11.0255 1032 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:06:11.0286 1032 LSI_SAS - ok
16:06:11.0286 1032 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:06:11.0302 1032 LSI_SAS2 - ok
16:06:11.0317 1032 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:06:11.0317 1032 LSI_SCSI - ok
16:06:11.0348 1032 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:06:11.0395 1032 luafv - ok
16:06:11.0411 1032 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:06:11.0442 1032 Mcx2Svc - ok
16:06:11.0442 1032 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:06:11.0458 1032 megasas - ok
16:06:11.0473 1032 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:06:11.0489 1032 MegaSR - ok
16:06:11.0504 1032 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:06:11.0551 1032 MMCSS - ok
16:06:11.0551 1032 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:06:11.0582 1032 Modem - ok
16:06:11.0614 1032 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:06:11.0676 1032 monitor - ok
16:06:11.0707 1032 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:06:11.0738 1032 mouclass - ok
16:06:11.0738 1032 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:06:11.0770 1032 mouhid - ok
16:06:11.0785 1032 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:06:11.0801 1032 mountmgr - ok
16:06:11.0801 1032 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:06:11.0816 1032 mpio - ok
16:06:11.0832 1032 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:06:11.0848 1032 mpsdrv - ok
16:06:11.0879 1032 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:06:11.0972 1032 MpsSvc - ok
16:06:12.0004 1032 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:06:12.0035 1032 MRxDAV - ok
16:06:12.0066 1032 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:06:12.0082 1032 mrxsmb - ok
16:06:12.0097 1032 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:06:12.0128 1032 mrxsmb10 - ok
16:06:12.0144 1032 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:06:12.0160 1032 mrxsmb20 - ok
16:06:12.0191 1032 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:06:12.0191 1032 msahci - ok
16:06:12.0222 1032 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:06:12.0238 1032 msdsm - ok
16:06:12.0253 1032 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:06:12.0284 1032 MSDTC - ok
16:06:12.0300 1032 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:06:12.0316 1032 Msfs - ok
16:06:12.0331 1032 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:06:12.0362 1032 mshidkmdf - ok
16:06:12.0378 1032 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:06:12.0394 1032 msisadrv - ok
16:06:12.0409 1032 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:06:12.0440 1032 MSiSCSI - ok
16:06:12.0456 1032 msiserver - ok
16:06:12.0456 1032 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:06:12.0487 1032 MSKSSRV - ok
16:06:12.0487 1032 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:06:12.0518 1032 MSPCLOCK - ok
16:06:12.0518 1032 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:06:12.0550 1032 MSPQM - ok
16:06:12.0565 1032 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:06:12.0581 1032 MsRPC - ok
16:06:12.0612 1032 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:06:12.0612 1032 mssmbios - ok
16:06:12.0628 1032 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:06:12.0643 1032 MSTEE - ok
16:06:12.0659 1032 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:06:12.0674 1032 MTConfig - ok
16:06:12.0674 1032 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:06:12.0690 1032 Mup - ok
16:06:12.0721 1032 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:06:12.0737 1032 napagent - ok
16:06:12.0768 1032 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:06:12.0784 1032 NativeWifiP - ok
16:06:12.0846 1032 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:06:12.0893 1032 NDIS - ok
16:06:12.0893 1032 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:06:12.0940 1032 NdisCap - ok
16:06:12.0940 1032 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:06:12.0986 1032 NdisTapi - ok
16:06:13.0002 1032 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:06:13.0033 1032 Ndisuio - ok
16:06:13.0064 1032 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:06:13.0096 1032 NdisWan - ok
16:06:13.0111 1032 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:06:13.0142 1032 NDProxy - ok
16:06:13.0174 1032 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:06:13.0220 1032 NetBIOS - ok
16:06:13.0252 1032 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:06:13.0267 1032 NetBT - ok
16:06:13.0283 1032 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:06:13.0298 1032 Netlogon - ok
16:06:13.0314 1032 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:06:13.0361 1032 Netman - ok
16:06:13.0361 1032 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:06:13.0408 1032 netprofm - ok
16:06:13.0439 1032 [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
16:06:13.0470 1032 netr7364 - ok
16:06:13.0486 1032 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:06:13.0486 1032 NetTcpPortSharing - ok
16:06:13.0517 1032 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:06:13.0532 1032 nfrd960 - ok
16:06:13.0564 1032 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:06:13.0579 1032 NlaSvc - ok
16:06:13.0595 1032 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:06:13.0626 1032 Npfs - ok
16:06:13.0642 1032 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:06:13.0673 1032 nsi - ok
16:06:13.0688 1032 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:06:13.0720 1032 nsiproxy - ok
16:06:13.0766 1032 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:06:13.0829 1032 Ntfs - ok
16:06:13.0860 1032 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:06:13.0876 1032 Null - ok
16:06:13.0922 1032 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:06:13.0922 1032 nvraid - ok
16:06:13.0938 1032 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:06:13.0938 1032 nvstor - ok
16:06:13.0954 1032 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:06:13.0969 1032 nv_agp - ok
16:06:13.0985 1032 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:06:14.0000 1032 ohci1394 - ok
16:06:14.0078 1032 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:06:14.0094 1032 ose - ok
16:06:14.0266 1032 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:06:14.0375 1032 osppsvc - ok
16:06:14.0406 1032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:06:14.0406 1032 p2pimsvc - ok
16:06:14.0437 1032 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:06:14.0453 1032 p2psvc - ok
16:06:14.0468 1032 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:06:14.0468 1032 Parport - ok
16:06:14.0484 1032 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:06:14.0500 1032 partmgr - ok
16:06:14.0515 1032 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:06:14.0531 1032 PcaSvc - ok
16:06:14.0531 1032 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:06:14.0546 1032 pci - ok
16:06:14.0578 1032 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:06:14.0578 1032 pciide - ok
16:06:14.0593 1032 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:06:14.0593 1032 pcmcia - ok
16:06:14.0609 1032 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:06:14.0609 1032 pcw - ok
16:06:14.0640 1032 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:06:14.0671 1032 PEAUTH - ok
16:06:14.0718 1032 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:06:14.0749 1032 PeerDistSvc - ok
16:06:14.0796 1032 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:06:14.0843 1032 PerfHost - ok
16:06:14.0905 1032 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:06:14.0983 1032 pla - ok
16:06:15.0014 1032 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:06:15.0030 1032 PlugPlay - ok
16:06:15.0046 1032 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:06:15.0046 1032 PNRPAutoReg - ok
16:06:15.0061 1032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:06:15.0077 1032 PNRPsvc - ok
16:06:15.0092 1032 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:06:15.0124 1032 PolicyAgent - ok
16:06:15.0155 1032 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:06:15.0358 1032 Power - ok
16:06:15.0389 1032 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:06:15.0420 1032 PptpMiniport - ok
16:06:15.0436 1032 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:06:15.0436 1032 Processor - ok
16:06:15.0467 1032 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:06:15.0498 1032 ProfSvc - ok
16:06:15.0514 1032 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:06:15.0514 1032 ProtectedStorage - ok
16:06:15.0560 1032 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:06:15.0732 1032 Psched - ok
16:06:15.0779 1032 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:06:15.0810 1032 ql2300 - ok
16:06:15.0826 1032 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:06:15.0841 1032 ql40xx - ok
16:06:15.0857 1032 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:06:15.0872 1032 QWAVE - ok
16:06:15.0888 1032 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:06:15.0904 1032 QWAVEdrv - ok
16:06:15.0919 1032 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:06:15.0982 1032 RasAcd - ok
16:06:15.0997 1032 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:06:16.0028 1032 RasAgileVpn - ok
16:06:16.0044 1032 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:06:16.0075 1032 RasAuto - ok
16:06:16.0091 1032 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:06:16.0122 1032 Rasl2tp - ok
16:06:16.0138 1032 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:06:16.0184 1032 RasMan - ok
16:06:16.0200 1032 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:06:16.0231 1032 RasPppoe - ok
16:06:16.0247 1032 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:06:16.0278 1032 RasSstp - ok
16:06:16.0294 1032 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:06:16.0325 1032 rdbss - ok
16:06:16.0340 1032 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:06:16.0356 1032 rdpbus - ok
16:06:16.0372 1032 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:06:16.0387 1032 RDPCDD - ok
16:06:16.0418 1032 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:06:16.0418 1032 RDPDR - ok
16:06:16.0450 1032 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:06:16.0481 1032 RDPENCDD - ok
16:06:16.0481 1032 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:06:16.0512 1032 RDPREFMP - ok
16:06:16.0559 1032 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:06:16.0590 1032 RdpVideoMiniport - ok
16:06:16.0621 1032 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:06:16.0637 1032 RDPWD - ok
16:06:16.0668 1032 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:06:16.0684 1032 rdyboost - ok
16:06:16.0730 1032 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:06:16.0762 1032 RemoteAccess - ok
16:06:16.0808 1032 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:06:16.0886 1032 RemoteRegistry - ok
16:06:16.0886 1032 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:06:16.0933 1032 RpcEptMapper - ok
16:06:16.0933 1032 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:06:16.0964 1032 RpcLocator - ok
16:06:16.0980 1032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:06:17.0011 1032 RpcSs - ok
16:06:17.0042 1032 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:06:17.0105 1032 rspndr - ok
16:06:17.0120 1032 RSUSBSTOR - ok
16:06:17.0152 1032 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:06:17.0198 1032 RTL8167 - ok
16:06:17.0214 1032 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:06:17.0230 1032 s3cap - ok
16:06:17.0245 1032 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:06:17.0245 1032 SamSs - ok
16:06:17.0276 1032 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:06:17.0276 1032 sbp2port - ok
16:06:17.0308 1032 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:06:17.0323 1032 SCardSvr - ok
16:06:17.0354 1032 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:06:17.0370 1032 scfilter - ok
16:06:17.0417 1032 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:06:17.0495 1032 Schedule - ok
16:06:17.0510 1032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:06:17.0526 1032 SCPolicySvc - ok
16:06:17.0557 1032 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:06:17.0573 1032 SDRSVC - ok
16:06:17.0604 1032 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:06:17.0666 1032 secdrv - ok
16:06:17.0682 1032 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:06:17.0698 1032 seclogon - ok
16:06:17.0713 1032 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:06:17.0744 1032 SENS - ok
16:06:17.0760 1032 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:06:17.0776 1032 SensrSvc - ok
16:06:17.0791 1032 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:06:17.0807 1032 Serenum - ok
16:06:17.0822 1032 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:06:17.0854 1032 Serial - ok
16:06:17.0869 1032 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:06:17.0900 1032 sermouse - ok
16:06:17.0947 1032 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:06:18.0025 1032 SessionEnv - ok
16:06:18.0041 1032 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:06:18.0056 1032 sffdisk - ok
16:06:18.0056 1032 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:06:18.0072 1032 sffp_mmc - ok
16:06:18.0072 1032 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:06:18.0088 1032 sffp_sd - ok
16:06:18.0119 1032 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:06:18.0134 1032 sfloppy - ok
16:06:18.0181 1032 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:06:18.0275 1032 SharedAccess - ok
16:06:18.0290 1032 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:06:18.0337 1032 ShellHWDetection - ok
16:06:18.0337 1032 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:06:18.0353 1032 SiSRaid2 - ok
16:06:18.0368 1032 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:06:18.0384 1032 SiSRaid4 - ok
16:06:18.0384 1032 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:06:18.0431 1032 Smb - ok
16:06:18.0446 1032 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:06:18.0462 1032 SNMPTRAP - ok
16:06:18.0462 1032 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:06:18.0478 1032 spldr - ok
16:06:18.0509 1032 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:06:18.0524 1032 Spooler - ok
16:06:18.0618 1032 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:06:18.0727 1032 sppsvc - ok
16:06:18.0727 1032 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:06:18.0758 1032 sppuinotify - ok
16:06:18.0790 1032 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:06:18.0821 1032 srv - ok
16:06:18.0836 1032 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:06:18.0852 1032 srv2 - ok
16:06:18.0852 1032 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:06:18.0868 1032 srvnet - ok
16:06:18.0899 1032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:06:18.0961 1032 SSDPSRV - ok
16:06:18.0977 1032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:06:18.0992 1032 SstpSvc - ok
16:06:19.0024 1032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:06:19.0024 1032 stexstor - ok
16:06:19.0055 1032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:06:19.0133 1032 stisvc - ok
16:06:19.0148 1032 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:06:19.0164 1032 storflt - ok
16:06:19.0180 1032 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:06:19.0195 1032 StorSvc - ok
16:06:19.0226 1032 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:06:19.0258 1032 storvsc - ok
16:06:19.0273 1032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:06:19.0273 1032 swenum - ok
16:06:19.0304 1032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:06:19.0351 1032 swprv - ok
16:06:19.0414 1032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:06:19.0476 1032 SysMain - ok
16:06:19.0492 1032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:06:19.0507 1032 TabletInputService - ok
16:06:19.0538 1032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:06:19.0585 1032 TapiSrv - ok
16:06:19.0616 1032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:06:19.0663 1032 TBS - ok
16:06:19.0710 1032 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:06:19.0772 1032 Tcpip - ok
16:06:19.0804 1032 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:06:19.0835 1032 TCPIP6 - ok
16:06:19.0850 1032 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:06:19.0866 1032 tcpipreg - ok
16:06:19.0882 1032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:06:19.0897 1032 TDPIPE - ok
16:06:19.0928 1032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:06:19.0944 1032 TDTCP - ok
16:06:19.0960 1032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:06:19.0975 1032 tdx - ok
16:06:20.0006 1032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:06:20.0022 1032 TermDD - ok
16:06:20.0038 1032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:06:20.0069 1032 TermService - ok
16:06:20.0100 1032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:06:20.0116 1032 Themes - ok
16:06:20.0131 1032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:06:20.0194 1032 THREADORDER - ok
16:06:20.0194 1032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:06:20.0225 1032 TrkWks - ok
16:06:20.0256 1032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:06:20.0287 1032 TrustedInstaller - ok
16:06:20.0318 1032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:06:20.0350 1032 tssecsrv - ok
16:06:20.0381 1032 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:06:20.0412 1032 TsUsbFlt - ok
16:06:20.0459 1032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:06:20.0537 1032 tunnel - ok
16:06:20.0568 1032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:06:20.0568 1032 uagp35 - ok
16:06:20.0599 1032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:06:20.0646 1032 udfs - ok
16:06:20.0677 1032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:06:20.0693 1032 UI0Detect - ok
16:06:20.0708 1032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:06:20.0724 1032 uliagpkx - ok
16:06:20.0755 1032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:06:20.0771 1032 umbus - ok
16:06:20.0786 1032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:06:20.0818 1032 UmPass - ok
16:06:20.0849 1032 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:06:20.0880 1032 UmRdpService - ok
16:06:20.0911 1032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:06:20.0942 1032 upnphost - ok
16:06:20.0974 1032 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:06:20.0974 1032 usbccgp - ok
16:06:21.0005 1032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:06:21.0036 1032 usbcir - ok
16:06:21.0052 1032 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:06:21.0067 1032 usbehci - ok
16:06:21.0083 1032 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:06:21.0114 1032 usbhub - ok
16:06:21.0114 1032 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:06:21.0130 1032 usbohci - ok
16:06:21.0145 1032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:06:21.0176 1032 usbprint - ok
16:06:21.0192 1032 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:21.0208 1032 USBSTOR - ok
16:06:21.0223 1032 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:06:21.0239 1032 usbuhci - ok
16:06:21.0254 1032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:06:21.0301 1032 UxSms - ok
16:06:21.0317 1032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:06:21.0332 1032 VaultSvc - ok
16:06:21.0348 1032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:06:21.0348 1032 vdrvroot - ok
16:06:21.0395 1032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:06:21.0457 1032 vds - ok
16:06:21.0473 1032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:06:21.0473 1032 vga - ok
16:06:21.0488 1032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:06:21.0520 1032 VgaSave - ok
16:06:21.0535 1032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:06:21.0551 1032 vhdmp - ok
16:06:21.0566 1032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:06:21.0566 1032 viaide - ok
16:06:21.0582 1032 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:06:21.0598 1032 vmbus - ok
16:06:21.0598 1032 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:06:21.0613 1032 VMBusHID - ok
16:06:21.0629 1032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:06:21.0644 1032 volmgr - ok
16:06:21.0676 1032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:06:21.0676 1032 volmgrx - ok
16:06:21.0707 1032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:06:21.0707 1032 volsnap - ok
16:06:21.0738 1032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:06:21.0754 1032 vsmraid - ok
16:06:21.0800 1032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:06:21.0878 1032 VSS - ok
16:06:21.0894 1032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:06:21.0894 1032 vwifibus - ok
16:06:21.0910 1032 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:06:21.0972 1032 vwififlt - ok
16:06:22.0003 1032 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:06:22.0034 1032 vwifimp - ok
16:06:22.0066 1032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:06:22.0112 1032 W32Time - ok
16:06:22.0128 1032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:06:22.0144 1032 WacomPen - ok
16:06:22.0175 1032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:06:22.0237 1032 WANARP - ok
16:06:22.0253 1032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:06:22.0284 1032 Wanarpv6 - ok
16:06:22.0315 1032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:06:22.0362 1032 wbengine - ok
16:06:22.0378 1032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:06:22.0393 1032 WbioSrvc - ok
16:06:22.0409 1032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:06:22.0424 1032 wcncsvc - ok
16:06:22.0440 1032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:06:22.0440 1032 WcsPlugInService - ok
16:06:22.0456 1032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:06:22.0471 1032 Wd - ok
16:06:22.0502 1032 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:06:22.0518 1032 Wdf01000 - ok
16:06:22.0534 1032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:06:22.0549 1032 WdiServiceHost - ok
16:06:22.0549 1032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:06:22.0565 1032 WdiSystemHost - ok
16:06:22.0580 1032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:06:22.0612 1032 WebClient - ok
16:06:22.0627 1032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:06:22.0658 1032 Wecsvc - ok
16:06:22.0658 1032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:06:22.0690 1032 wercplsupport - ok
16:06:22.0705 1032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:06:22.0736 1032 WerSvc - ok
16:06:22.0752 1032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:06:22.0768 1032 WfpLwf - ok
16:06:22.0799 1032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:06:22.0799 1032 WIMMount - ok
16:06:22.0814 1032 WinDefend - ok
16:06:22.0814 1032 WinHttpAutoProxySvc - ok
16:06:22.0861 1032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:06:22.0892 1032 Winmgmt - ok
16:06:22.0955 1032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:06:23.0048 1032 WinRM - ok
16:06:23.0080 1032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:06:23.0111 1032 Wlansvc - ok
16:06:23.0126 1032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:06:23.0142 1032 WmiAcpi - ok
16:06:23.0173 1032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:06:23.0189 1032 wmiApSrv - ok
16:06:23.0204 1032 WMPNetworkSvc - ok
16:06:23.0220 1032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:06:23.0236 1032 WPCSvc - ok
16:06:23.0251 1032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:06:23.0267 1032 WPDBusEnum - ok
16:06:23.0282 1032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:06:23.0314 1032 ws2ifsl - ok
16:06:23.0329 1032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:06:23.0360 1032 wscsvc - ok
16:06:23.0360 1032 WSearch - ok
16:06:23.0407 1032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:06:23.0454 1032 wuauserv - ok
16:06:23.0485 1032 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:06:23.0516 1032 WudfPf - ok
16:06:23.0532 1032 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:06:23.0563 1032 WUDFRd - ok
16:06:23.0579 1032 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:06:23.0594 1032 wudfsvc - ok
16:06:23.0610 1032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:06:23.0626 1032 WwanSvc - ok
16:06:23.0641 1032 ================ Scan global ===============================
16:06:23.0657 1032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:06:23.0688 1032 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:06:23.0688 1032 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:06:23.0719 1032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:06:23.0719 1032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:06:23.0719 1032 [Global] - ok
16:06:23.0735 1032 ================ Scan MBR ==================================
16:06:23.0735 1032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:06:23.0969 1032 \Device\Harddisk0\DR0 - ok
16:06:23.0969 1032 ================ Scan VBR ==================================
16:06:23.0969 1032 [ 47B2639991FE0EC46499B2140C9E0807 ] \Device\Harddisk0\DR0\Partition1
16:06:23.0984 1032 \Device\Harddisk0\DR0\Partition1 - ok
16:06:24.0016 1032 [ 5058DC8B8B51A981FD3B9507D06D4C21 ] \Device\Harddisk0\DR0\Partition2
16:06:24.0016 1032 \Device\Harddisk0\DR0\Partition2 - ok
16:06:24.0031 1032 [ 19CF73CA722DCC1AB00B1F49EA67D456 ] \Device\Harddisk0\DR0\Partition3
16:06:24.0031 1032 \Device\Harddisk0\DR0\Partition3 - ok
16:06:24.0047 1032 [ 4F94A99CB98FB4A2E9FD048B2A13F3EE ] \Device\Harddisk0\DR0\Partition4
16:06:24.0062 1032 \Device\Harddisk0\DR0\Partition4 - ok
16:06:24.0078 1032 [ 380716673AE00811DE7E7D1A50903677 ] \Device\Harddisk0\DR0\Partition5
16:06:24.0078 1032 \Device\Harddisk0\DR0\Partition5 - ok
16:06:24.0094 1032 [ E725412C025CE2754DCA7203CB49CB7A ] \Device\Harddisk0\DR0\Partition6
16:06:24.0094 1032 \Device\Harddisk0\DR0\Partition6 - ok
16:06:24.0109 1032 ============================================================
16:06:24.0109 1032 Scan finished
16:06:24.0109 1032 ============================================================
16:06:24.0125 3568 Detected object count: 0
16:06:24.0125 3568 Actual detected object count: 0
16:07:47.0759 0912 Deinitialize success
Vielen herzlichen Dank an alle Helfer Viele Grüße, chris0806 Geändert von chris0806 (27.04.2013 um 15:15 Uhr) Grund: Ergänzung |
|
27.04.2013, 17:41
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich von selbst und spammt Werbung JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Internet Explorer öffnet sich von selbst und spammt Werbung |
|
28.04.2013, 14:13
| #7 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Okay, hier sind die Logs: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Windows 7 Professional x64
Ran by Christoph on 28.04.2013 at 14:46:34,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.04.2013 at 14:48:45,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.202 - Datei am 28/04/2013 um 14:57:43 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Christoph - CHRISTOPH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christoph\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\i0x42wj2.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [768 octets] - [28/04/2013 14:57:43]
########## EOF - C:\AdwCleaner[S1].txt - [827 octets] ##########
Code:
ATTFilter OTL logfile created on: 28.04.2013 15:02:42 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,73% Memory free 8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 22,84 Gb Free Space | 38,99% Space Free | Partition Type: NTFS Drive D: | 106,85 Gb Total Space | 78,62 Gb Free Space | 73,58% Space Free | Partition Type: NTFS Drive E: | 144,13 Gb Total Space | 98,82 Gb Free Space | 68,56% Space Free | Partition Type: NTFS Drive F: | 22,46 Gb Total Space | 21,99 Gb Free Space | 97,90% Space Free | Partition Type: NTFS Drive G: | 133,63 Gb Total Space | 96,29 Gb Free Space | 72,06% Space Free | Partition Type: NTFS Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) PRC - E:\Firefox\firefox.exe (Mozilla Corporation) PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - E:\ATI Radeon HD6850 Drivers\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) ========== Modules (No Company Name) ========== MOD - E:\Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A F1 F9 BE 30 27 CE 01 [binary data] IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-451399578-3343251901-2304358289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Java 64-Bit\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: E:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Firefox\components [2013.04.12 11:39:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Firefox\plugins [2013.02.22 20:07:00 | 000,000,000 | ---D | M] [2013.02.23 05:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2013.02.23 15:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\i0x42wj2.default\extensions [2013.02.23 15:00:22 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\i0x42wj2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java 64-Bit\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java 64-Bit\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] E:\ATI Radeon HD6850 Drivers\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4533827-722D-47DB-8C0F-7647F7959C13}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.03.14 10:50:14 | 000,002,498 | ---- | M] () - E:\autofill.conf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.28 14:46:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.28 14:46:29 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.28 14:34:18 | 000,536,737 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christoph\Desktop\JRT.exe [2013.04.27 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.27 21:32:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.27 21:32:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.27 21:32:54 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.27 16:04:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe [2013.04.27 15:46:12 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe [2013.04.27 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\mbar [2013.04.14 01:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.04.13 20:17:27 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.13 20:17:26 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.13 20:17:26 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.04.13 20:17:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.04.13 20:17:21 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.04.13 20:17:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.04.12 22:46:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2013.04.11 15:13:39 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Audacity [2013.04.11 14:34:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.11 14:34:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.11 14:34:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 14:34:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.11 14:34:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.11 14:34:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 14:34:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.11 14:34:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.11 14:34:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 14:34:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.11 14:34:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.11 14:34:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 14:34:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 14:34:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 14:34:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.11 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\.minecraft [2013.04.11 11:57:09 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 11:57:09 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 11:57:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 11:57:08 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 11:57:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 11:57:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.06 22:29:41 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Welt 1 [2013.04.06 15:55:35 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\shader [1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.28 15:05:59 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 15:05:59 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 15:05:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.28 15:05:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.28 15:05:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.28 15:05:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.28 15:05:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.28 14:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 14:58:37 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2013.04.28 14:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.28 14:34:21 | 000,619,461 | ---- | M] () -- C:\Users\Christoph\Desktop\adwcleaner.exe [2013.04.28 14:34:18 | 000,536,737 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Christoph\Desktop\JRT.exe [2013.04.27 16:04:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe [2013.04.27 16:02:39 | 000,000,512 | ---- | M] () -- C:\Users\Christoph\Desktop\MBR.dat [2013.04.27 15:47:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe [2013.04.20 13:55:30 | 001,420,800 | ---- | M] () -- C:\Users\Christoph\Desktop\Mathe-Tool_Word2007_v2.dot [2013.04.14 01:23:29 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.14 01:23:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.13 20:17:17 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.04.13 20:17:17 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.04.13 20:17:17 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.04.13 20:17:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.04.13 20:17:17 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.04.13 20:17:17 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.04.12 22:56:12 | 000,377,856 | ---- | M] () -- C:\Users\Christoph\Desktop\gmer_2.1.19163.exe [2013.04.12 22:46:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2013.04.12 22:43:38 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.04.12 20:37:13 | 000,000,627 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.11 15:13:36 | 000,000,701 | ---- | M] () -- C:\Users\Christoph\Desktop\Audacity.lnk [2013.04.11 15:09:58 | 000,000,600 | ---- | M] () -- C:\Users\Christoph\Desktop\mp3DirectCut.lnk [2013.04.11 14:38:21 | 000,342,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 12:18:48 | 000,000,812 | ---- | M] () -- C:\Users\Christoph\Desktop\SUPER - Verknüpfung.lnk [2013.04.11 12:06:34 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.28 14:34:21 | 000,619,461 | ---- | C] () -- C:\Users\Christoph\Desktop\adwcleaner.exe [2013.04.27 16:02:39 | 000,000,512 | ---- | C] () -- C:\Users\Christoph\Desktop\MBR.dat [2013.04.20 13:55:30 | 001,420,800 | ---- | C] () -- C:\Users\Christoph\Desktop\Mathe-Tool_Word2007_v2.dot [2013.04.12 22:56:11 | 000,377,856 | ---- | C] () -- C:\Users\Christoph\Desktop\gmer_2.1.19163.exe [2013.04.12 22:43:34 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\Defogger.exe [2013.04.11 15:13:36 | 000,000,701 | ---- | C] () -- C:\Users\Christoph\Desktop\Audacity.lnk [2013.04.11 15:13:36 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.04.11 15:09:58 | 000,000,600 | ---- | C] () -- C:\Users\Christoph\Desktop\mp3DirectCut.lnk [2013.04.11 12:18:48 | 000,000,812 | ---- | C] () -- C:\Users\Christoph\Desktop\SUPER - Verknüpfung.lnk [2013.04.11 12:05:41 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2013.03.09 17:53:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.02.23 13:47:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.04.2013 15:02:42 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,73% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 22,84 Gb Free Space | 38,99% Space Free | Partition Type: NTFS
Drive D: | 106,85 Gb Total Space | 78,62 Gb Free Space | 73,58% Space Free | Partition Type: NTFS
Drive E: | 144,13 Gb Total Space | 98,82 Gb Free Space | 68,56% Space Free | Partition Type: NTFS
Drive F: | 22,46 Gb Total Space | 21,99 Gb Free Space | 97,90% Space Free | Partition Type: NTFS
Drive G: | 133,63 Gb Total Space | 96,29 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-451399578-3343251901-2304358289-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\WinAmp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\WinAmp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\WinAmp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\WinAmp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\WinAmp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{191A164F-AACA-434E-ACA3-15BDC1259FE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{315851C9-A902-4C32-81C5-52CBF0915413}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39D8250A-8C9D-4617-84E1-0EB3B1BCE99A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3FF99080-9A64-4E86-9C3D-57BB7944456E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4114C454-72F4-4188-A8AB-9B00B5079083}" = lport=137 | protocol=17 | dir=in | app=system |
"{534C0862-B534-4FA8-B743-349F4E097198}" = lport=139 | protocol=6 | dir=in | app=system |
"{670BC13C-658B-4212-98AD-37134ACFC0A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74980768-9BEC-494F-A76D-81FBC9D09B00}" = lport=10243 | protocol=6 | dir=in | app=system |
"{75F7AC39-826E-49C9-B7E3-0FAC751033A5}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C75E201-06E0-415B-B92B-97B1C9BD576B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{866E7243-B54E-4D60-9CE4-A27356E595A9}" = lport=445 | protocol=6 | dir=in | app=system |
"{AA7266FD-75EC-485D-B4DD-B3F6D60646BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF602830-16B5-4CC1-AE0A-AD27F148EE84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D278B00A-14DB-40FF-918C-12213FD293AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E347FDF9-CA4B-4832-A540-6749F7EEC0B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7D49C43-F84E-419B-9E86-7499EC5D424B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC8F975C-B3E0-4051-A6BD-2B9B66998B6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFF1E49E-9F35-443E-A9D2-B661C29ECDCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5DC62BE-22C1-4764-B1EB-7C988E6F97E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F86C54E5-1E5B-4D06-B45D-94CD9404F85B}" = rport=138 | protocol=17 | dir=out | app=system |
"{FEDCBD2E-93DC-460C-82A5-1E8574AA0056}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036021A7-2DDA-4592-8717-0927CB92FF5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0C8960C1-E03F-46F4-A82A-26D09A57E339}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1B607BA8-8AF6-470A-8492-5C97D5D5495B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{3723373F-981E-4F21-9667-ECA111E6843B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{571EF207-7F26-4EBD-9888-CA8F7E2209DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5737F885-41F0-4D4F-9435-7D9A4A5EF603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2066A9-B6CD-4F09-BB2D-F0A74D57CEE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FE1DA88-3F44-4E62-BE6A-98584923F7BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C7BB903-9EDE-4BA3-9171-D3396E92E484}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{889FF016-A33E-490C-86A4-2D29B68476B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B037CE2-B74A-4878-AB6C-103C6A100932}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A74393D2-F028-4142-A42C-DC97F5BF4512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A872BD4C-2CFF-4669-AB13-2F03598BF73E}" = protocol=6 | dir=out | app=system |
"{AF3381E9-9460-4090-95DD-A0D1122FB999}" = protocol=17 | dir=in | app=e:\office\office14\onenote.exe |
"{B4DA8A0E-ADDD-4F79-A89C-70E5E843CD1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B837435B-CFE9-4649-8233-CF6F11358160}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7794020-FAAB-4D66-9142-9852F3436558}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB7A232B-D9C2-44C7-9C36-76A251ED8839}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{E4ECAB38-E19D-4C16-BF09-01AED4409BED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB386B16-F2EC-4AFE-8A21-E1EEC229F50B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F121D9D3-0EB8-46B9-B621-7FBC9055B8EC}" = protocol=6 | dir=in | app=e:\office\office14\onenote.exe |
"{F796D32E-F998-4895-8131-7E06152350DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F985F56E-7291-4BDA-AA9E-6D0099B2B347}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{27FD348C-5233-46C0-98B9-96B5F007CF5A}E:\java\bin\javaw.exe" = protocol=6 | dir=in | app=e:\java\bin\javaw.exe |
"TCP Query User{54311DD2-56C2-4002-9D96-5DF9F8EADC82}E:\icq\icq7.5\icq.exe" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe |
"TCP Query User{6D250151-187A-47B7-A4A6-0FD686C0CD07}E:\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\winamp\winamp.exe |
"UDP Query User{0E6CED3B-A7E0-46CA-8061-AA146B0CFE77}E:\java\bin\javaw.exe" = protocol=17 | dir=in | app=e:\java\bin\javaw.exe |
"UDP Query User{B7E0C262-8203-487B-BFCA-84D754369ED6}E:\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\winamp\winamp.exe |
"UDP Query User{B95488AB-8D0B-4D07-93F0-7C7A319FFC76}E:\icq\icq7.5\icq.exe" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-451399578-3343251901-2304358289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 28.04.2013 08:56:57 | Computer Name = Christoph-PC | Source = DCOM | ID = 10010
Description =
< End of report >
chris |
|
28.04.2013, 19:33
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich von selbst und spammt Werbung Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.04.2013, 23:07
| #9 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Hallo cosinus, Malewarebytes hat nichts gefunden, aber ESET hat angeschlagen. Die Logfiles: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.28.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christoph :: CHRISTOPH-PC [Administrator] 28.04.2013 21:23:50 mbam-log-2013-04-28 (21-23-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 470652 Laufzeit: 50 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Wichtig: Der Scan ging dann nach der Entdeckung nicht mehr weiter (stand bei 37%), sodass ich abbrechen musste. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fc80c1a68a15534aa6e35b74773809f1
# engine=13715
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-28 09:58:27
# local_time=2013-04-28 11:58:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 16185 232609597 8971 0
# compatibility_mode=5893 16776574 100 94 5572808 118816157 0 0
# scanned=138804
# found=1
# cleaned=0
# scan_time=2687
sh=7F3218C4A99E0DCCDC6160EBC5531A6726BEA37E ft=0 fh=0000000000000000 vn="JS/Kryptik.AY trojan" ac=I fn="E:\CHRISTOPH-PC\Backup Set 2011-05-14 022754\Backup Files 2011-05-28 130003\Backup files 1.zip"
chris |
|
29.04.2013, 09:55
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich von selbst und spammt Werbung Nur ein Fund in einem alten Backup-Set, das kann man ignorieren Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.04.2013, 10:19
| #11 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Hallo cosinus, ja ich bin jetzt auch beruhigt. Das Problem trat auch nicht erneut auf, aber ich dachte mir eben, lieber gleich reagieren als abwarten. Ich möchte Dir ein dickes Lob ausrichten und vielen Dank sagen! Finde es super, dass es Foren wie dieses gibt und die dazu passenden User;-) In die Links, die du geschickt hast, lese mich mich jetzt ein, auch dafür vielen Dank! Viele Grüße, chris |
|
29.04.2013, 10:31
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich von selbst und spammt Werbung Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.04.2013, 11:56
| #13 |
| | Internet Explorer öffnet sich von selbst und spammt Werbung Hi, danke für die tollen Abschlusstipps, werde mich dran halten;-) Nochmal vielen Dank und alles Gute! Viele Grüße, chris |
|
| Themen zu Internet Explorer öffnet sich von selbst und spammt Werbung |
| autorun, bho, error, fehler, firefox, flash player, format, helper, home, install.exe, internet, internet explorer, keine viren, logfile, malware, malware gefunden, plug-in, problem, realtek, registry, richtlinie, rundll, scan, security, senden, super, svchost.exe, udp, viren, werbung, windows, youtube downloader |
Linear-Darstellung
