| |
| |||||||
Log-Analyse und Auswertung: keine Bilder IE9 wiederholte VierenmeldungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.04.2013, 19:50
| #1 |
 |  keine Bilder IE9 wiederholte Vierenmeldungen Servus Spezialisten, da Ihr mir bereits einmal geholfen habt, bei dem Rechner von meinem Spezl, wende ich mich nun wieder an euch. Jetzt hats meinen eigenen Rechner erwischt. Es hat, vor ca. 3 Wochen, mit einem Virus angefangen wie mir Avira mitteilte (adware/Yontoo.Gen / danach Adware/Agent.NPO.142) Updates des Virenscanners waren zeitweise nicht mehr möglich, und jetzt konnten wir keine Bilder mehr im Internetexplorer ansehen. Habe mittlerweile Chrome installiert weil ein vernünftiges Arbeiten nicht mehr möglich war. habe die drei Programme laufen lassen. Defogger ok / OTL keine Exra.txt und GMER bricht ab (aufgrund eines Proplems wird GMER nicht richtig ausgeführt) also ich glaub bei meinem PC ist einiges im argen und ich hoffe auf eure hilfe. Im Anhang soweit möglich die geforderten Dateien plus Fehlermeldung gmer mit freundlichen Grüßen Schöffi |
|
24.04.2013, 23:47
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | keine Bilder IE9 wiederholte Vierenmeldungen Hallo und
__________________ Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
25.04.2013, 21:00
| #3 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Hallo Cosinus,
__________________ich hab mir den rechner ueber die Firma gekauft, weil ich auch privat damit von zuhause aus arbeite,wenn ich nicht in der arbeit bin, aber zu neunzig prozent nutzen meine frau die tochter und mein sohn die kiste. logs werde ich erst morgen posten koennen, ich bin momentan arbeitsmaessig zu 100 % eingespannt und komm leider erst morgen abend oder sammstag dazu. ich hoffe du hilfst mir trotzdem weiter? schoeffi |
|
25.04.2013, 22:42
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen Ok, danke für die Erkärung. Poste dann in deiner nächsten Antwort einfach erstmal alle relevanten schon vorhandenen Logs, mach bitte noch keine neuen Logs oders Scans mit Virenscannern.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.04.2013, 15:30
| #5 |
| | keine Bilder IE9 wiederholte Vierenmeldungen So hier die logs soweit ich was gefunden hab 1. Malwarbytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.17.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 Schoeffi1 :: SCHOEFFI1-PC [Administrator] Schutz: Deaktiviert 17.02.2013 19:16:20 mbam-log-2013-02-17 (19-16-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|L:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 537731 Laufzeit: 55 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 E:\System Volume Information\_restore{DDA63C04-6484-40B2-B645-8616C4DFCD98}\RP453\A0787839.exe (Risktool.KillFiles) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\System Volume Information\_restore{DDA63C04-6484-40B2-B645-8616C4DFCD98}\RP453\A0787889.exe (Risktool.KillFiles) -> Erfolgreich gelöscht und in Quarantäne gestellt. E:\System Volume Information\_restore{DDA63C04-6484-40B2-B645-8616C4DFCD98}\RP453\A0792026.dll (Adware.GameSpyArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.28.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Schoeffi1 :: SCHOEFFI1-PC [Administrator] 28.03.2013 15:28:44 mbam-log-2013-03-28 (15-28-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 548698 Laufzeit: 1 Stunde(n), 35 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Schoeffi1\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.28.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Schoeffi1 :: SCHOEFFI1-PC [Administrator] 29.03.2013 19:12:06 mbam-log-2013-03-29 (19-12-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 548538 Laufzeit: 1 Stunde(n), 35 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.23.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Schoeffi1 :: SCHOEFFI1-PC [Administrator] 23.04.2013 18:18:02 mbam-log-2013-04-23 (18-18-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 539691 Laufzeit: 1 Stunde(n), 18 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Schoeffi1\AppData\Local\Temp\Temp1_Alcohol120_de_trial_7.b7612.zip\Alcohol120_de_trial_7.b7612.exe (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Schoeffi1\Documents\Download\Programme\Deamon Tools\daemon_tools.exe (Adware.Vomba) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Schoeffi1\Downloads\Alcohol120_de_trial_7.b7612.zip (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Dokumente und Einstellungen\schoeffi\Eigene Dateien\Download\daemon_tools.exe (Adware.Vomba) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 23. April 2013 18:26
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SCHOEFFI1-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 30.03.2013 15:36:58
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 14:47:33
LUKE.DLL : 13.6.0.902 67808 Bytes 30.03.2013 15:37:05
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 20:15:46
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 20:15:46
avlode.dll : 13.6.2.940 434912 Bytes 30.03.2013 15:36:57
avlode.rdf : 13.0.0.46 15591 Bytes 30.03.2013 15:37:07
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 15:42:56
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 15:42:56
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 15:42:56
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 15:42:56
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 15:42:57
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 15:42:57
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 15:42:57
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 15:42:57
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 15:42:57
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 15:42:57
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 15:42:58
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 15:42:58
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 15:42:58
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 15:42:58
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 16:12:44
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 14:13:06
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 13:41:14
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 14:32:07
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 17:06:12
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 11:37:57
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 16:15:40
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 16:15:40
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 13:35:52
VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 12:07:51
VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 12:07:51
VBASE025.VDF : 7.11.73.201 225792 Bytes 22.04.2013 12:46:12
VBASE026.VDF : 7.11.73.251 161280 Bytes 23.04.2013 16:09:40
VBASE027.VDF : 7.11.73.252 2048 Bytes 23.04.2013 16:09:40
VBASE028.VDF : 7.11.73.253 2048 Bytes 23.04.2013 16:09:40
VBASE029.VDF : 7.11.73.254 2048 Bytes 23.04.2013 16:09:40
VBASE030.VDF : 7.11.73.255 2048 Bytes 23.04.2013 16:09:40
VBASE031.VDF : 7.11.74.8 9728 Bytes 23.04.2013 16:09:40
Engineversion : 8.2.12.30
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 17:06:15
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 15:47:10
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 14:44:37
AEPACK.DLL : 8.3.2.6 827767 Bytes 30.03.2013 15:36:54
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 12:48:44
AEHEUR.DLL : 8.1.4.302 5890425 Bytes 19.04.2013 12:07:55
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 15:47:09
AEEXP.DLL : 8.4.0.22 196982 Bytes 19.04.2013 12:07:55
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 13:47:46
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 14:05:22
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 14:05:25
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 15:59:47
AVARKT.DLL : 13.6.0.902 260832 Bytes 30.03.2013 15:36:54
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 30.03.2013 15:36:56
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 14:05:26
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 14:05:42
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 14:47:31
RCTEXT.DLL : 13.6.0.976 69344 Bytes 30.03.2013 15:36:01
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5176b116\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Dienstag, 23. April 2013 18:26
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'atkexComSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '224' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADDEL.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsRoutineController.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'EPUHelp.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaHMSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'MultiScreen.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsSysCtrlService.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ifxspmgt.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'ifxtcs.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '204' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'MagicPvt.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'IProsetMonitor.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'IfxPsdSv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarMoneyOnlineUpdate.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSDrt.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpTna.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'splwow64.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'PrivacyIconClient.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10x_ActiveX.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Schoeffi1\AppData\Local\Temp\DIQ\recuva_027\software\setup__1474.exe'
C:\Users\Schoeffi1\AppData\Local\Temp\DIQ\recuva_027\software\setup__1474.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Agent.NPO.142
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5669265e.qua' verschoben!
Ende des Suchlaufs: Dienstag, 23. April 2013 18:26
Benötigte Zeit: 00:15 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1064 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1063 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Code:
ATTFilter Exportierte Ereignisse:
23.04.2013 18:26 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Schoeffi1\AppData\Local\Temp\DIQ\recuva_027\software\setup__1474.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Agent.NPO.142'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5669265e.qua'
verschoben!
23.04.2013 18:25 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Schoeffi1\AppData\Local\Temp\DIQ\recuva_027\software\setup__1474.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.NPO.142' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
So ich hoffe du kannst etwas damit anfangen |
|
27.04.2013, 17:43
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> keine Bilder IE9 wiederholte Vierenmeldungen |
|
30.04.2013, 18:41
| #7 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Servus Cosinus, hat soweit alles geklappt hier die log files 1. MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.30.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Schoeffi1 :: SCHOEFFI1-PC [administrator]
30.04.2013 19:01:27
mbar-log-2013-04-30 (19-01-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29700
Time elapsed: 4 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-30 19:06:53
-----------------------------
19:06:53.760 OS Version: Windows x64 6.1.7601 Service Pack 1
19:06:53.760 Number of processors: 8 586 0x3A09
19:06:53.760 ComputerName: SCHOEFFI1-PC UserName: Schoeffi1
19:06:57.401 Initialize success
19:07:51.358 AVAST engine defs: 13043000
19:08:10.243 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:10.246 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
19:08:10.249 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5
19:08:10.252 Disk 1 Vendor: ST3360832AS 3.04 Size: 343399MB BusType: 3
19:08:10.335 Disk 0 MBR read successfully
19:08:10.338 Disk 0 MBR scan
19:08:10.344 Disk 0 Windows 7 default MBR code
19:08:10.350 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:08:10.360 Disk 0 Partition 2 00 1B Hidd FAT32 NTFS 13312 MB offset 206848
19:08:10.366 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 381547 MB offset 27469824
19:08:10.390 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 558907 MB offset 808878105
19:08:10.418 Disk 0 scanning C:\Windows\system32\drivers
19:08:18.410 Service scanning
19:08:31.583 Modules scanning
19:08:31.595 Disk 0 trace - called modules:
19:08:31.614 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:08:31.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007701790]
19:08:31.627 3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa800713a520]
19:08:31.633 5 ACPI.sys[fffff8800114e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800713c060]
19:08:39.596 AVAST engine scan C:\Windows
19:08:49.012 AVAST engine scan C:\Windows\system32
19:10:37.760 AVAST engine scan C:\Windows\system32\drivers
19:10:46.569 AVAST engine scan C:\Users\Schoeffi1
19:14:52.144 AVAST engine scan C:\ProgramData
19:15:35.627 Scan finished successfully
19:26:21.295 Disk 0 MBR has been saved successfully to "C:\Users\Schoeffi1\Desktop\MBR.dat"
19:26:21.301 The log file has been saved successfully to "C:\Users\Schoeffi1\Desktop\aswMBR.txt"
Code:
ATTFilter 19:32:28.0133 3876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:32:28.0297 3876 ============================================================
19:32:28.0297 3876 Current date / time: 2013/04/30 19:32:28.0297
19:32:28.0297 3876 SystemInfo:
19:32:28.0297 3876
19:32:28.0297 3876 OS Version: 6.1.7601 ServicePack: 1.0
19:32:28.0297 3876 Product type: Workstation
19:32:28.0297 3876 ComputerName: SCHOEFFI1-PC
19:32:28.0298 3876 UserName: Schoeffi1
19:32:28.0298 3876 Windows directory: C:\Windows
19:32:28.0298 3876 System windows directory: C:\Windows
19:32:28.0298 3876 Running under WOW64
19:32:28.0298 3876 Processor architecture: Intel x64
19:32:28.0298 3876 Number of processors: 8
19:32:28.0298 3876 Page size: 0x1000
19:32:28.0298 3876 Boot type: Normal boot
19:32:28.0298 3876 ============================================================
19:32:29.0084 3876 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:29.0098 3876 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:29.0134 3876 ============================================================
19:32:29.0134 3876 \Device\Harddisk0\DR0:
19:32:29.0134 3876 MBR partitions:
19:32:29.0134 3876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:32:29.0134 3876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x2E935800
19:32:29.0134 3876 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30368019, BlocksNum 0x4439D9A8
19:32:29.0134 3876 \Device\Harddisk1\DR1:
19:32:29.0135 3876 MBR partitions:
19:32:29.0135 3876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x14F5B402
19:32:29.0151 3876 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x14F5B480, BlocksNum 0x147870C3
19:32:29.0168 3876 \Device\Harddisk1\DR1\Partition3: MBR, Type 0xB, StartLBA 0x296E2582, BlocksNum 0x7D043F
19:32:29.0168 3876 ============================================================
19:32:29.0182 3876 C: <-> \Device\Harddisk0\DR0\Partition2
19:32:29.0221 3876 D: <-> \Device\Harddisk1\DR1\Partition1
19:32:29.0255 3876 E: <-> \Device\Harddisk1\DR1\Partition2
19:32:29.0255 3876 F: <-> \Device\Harddisk1\DR1\Partition3
19:32:29.0292 3876 G: <-> \Device\Harddisk0\DR0\Partition3
19:32:29.0292 3876 ============================================================
19:32:29.0292 3876 Initialize success
19:32:29.0292 3876 ============================================================
19:32:39.0351 1732 ============================================================
19:32:39.0351 1732 Scan started
19:32:39.0351 1732 Mode: Manual; SigCheck; TDLFS;
19:32:39.0351 1732 ============================================================
19:32:39.0737 1732 ================ Scan system memory ========================
19:32:39.0737 1732 System memory - ok
19:32:39.0738 1732 ================ Scan services =============================
19:32:39.0862 1732 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:32:39.0913 1732 1394ohci - ok
19:32:39.0934 1732 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:32:39.0949 1732 ACPI - ok
19:32:39.0957 1732 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:32:39.0967 1732 AcpiPmi - ok
19:32:40.0022 1732 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:32:40.0034 1732 AdobeARMservice - ok
19:32:40.0054 1732 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:32:40.0074 1732 adp94xx - ok
19:32:40.0087 1732 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:32:40.0096 1732 adpahci - ok
19:32:40.0105 1732 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:32:40.0112 1732 adpu320 - ok
19:32:40.0131 1732 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:32:40.0152 1732 AeLookupSvc - ok
19:32:40.0167 1732 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:32:40.0180 1732 AFD - ok
19:32:40.0189 1732 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:32:40.0197 1732 agp440 - ok
19:32:40.0208 1732 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:32:40.0217 1732 ALG - ok
19:32:40.0228 1732 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:32:40.0234 1732 aliide - ok
19:32:40.0260 1732 [ 24910B4F07F9DC586FA8AD38CABE524E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:32:40.0276 1732 AMD External Events Utility - ok
19:32:40.0301 1732 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:32:40.0312 1732 amdide - ok
19:32:40.0323 1732 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:32:40.0335 1732 AmdK8 - ok
19:32:40.0477 1732 [ 3F47D92F6D54263BF2CDEDAA6284D27C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:32:40.0535 1732 amdkmdag - ok
19:32:40.0549 1732 [ A171B311BAFF865AEEE3635D1226898E ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:32:40.0558 1732 amdkmdap - ok
19:32:40.0560 1732 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:32:40.0566 1732 AmdPPM - ok
19:32:40.0575 1732 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:32:40.0581 1732 amdsata - ok
19:32:40.0589 1732 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:32:40.0596 1732 amdsbs - ok
19:32:40.0609 1732 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:32:40.0614 1732 amdxata - ok
19:32:40.0654 1732 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:32:40.0666 1732 AntiVirSchedulerService - ok
19:32:40.0683 1732 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:32:40.0690 1732 AntiVirService - ok
19:32:40.0706 1732 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:32:40.0731 1732 AppID - ok
19:32:40.0746 1732 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:32:40.0765 1732 AppIDSvc - ok
19:32:40.0777 1732 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:32:40.0795 1732 Appinfo - ok
19:32:40.0855 1732 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:32:40.0865 1732 Apple Mobile Device - ok
19:32:40.0887 1732 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:32:40.0901 1732 AppMgmt - ok
19:32:40.0916 1732 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:32:40.0928 1732 arc - ok
19:32:40.0943 1732 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:32:40.0956 1732 arcsas - ok
19:32:41.0026 1732 [ 31E2470E61D5A390405BA41C279D8446 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
19:32:41.0061 1732 asComSvc - ok
19:32:41.0083 1732 [ 0466B91EE5767A769E9F8EDB8EF94DDB ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
19:32:41.0096 1732 asHmComSvc - ok
19:32:41.0273 1732 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
19:32:41.0282 1732 AsIO - ok
19:32:41.0301 1732 [ C7F7FA07C719A43ADBA5674F27893278 ] assd C:\Windows\system32\drivers\assd.sys
19:32:41.0309 1732 assd ( UnsignedFile.Multi.Generic ) - warning
19:32:41.0309 1732 assd - detected UnsignedFile.Multi.Generic (1)
19:32:41.0337 1732 [ AD8947D621FDCA48F1F39F4624B60AA1 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
19:32:41.0348 1732 AsSysCtrlService - ok
19:32:41.0362 1732 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
19:32:41.0370 1732 AsUpIO - ok
19:32:41.0391 1732 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:32:41.0425 1732 AsyncMac - ok
19:32:41.0440 1732 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:32:41.0446 1732 atapi - ok
19:32:41.0470 1732 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:32:41.0475 1732 AtiHDAudioService - ok
19:32:41.0496 1732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:32:41.0525 1732 AudioEndpointBuilder - ok
19:32:41.0531 1732 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:32:41.0552 1732 AudioSrv - ok
19:32:41.0569 1732 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:32:41.0575 1732 avgntflt - ok
19:32:41.0594 1732 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:32:41.0600 1732 avipbb - ok
19:32:41.0606 1732 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:32:41.0611 1732 avkmgr - ok
19:32:41.0635 1732 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:32:41.0645 1732 AxInstSV - ok
19:32:41.0662 1732 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:32:41.0670 1732 b06bdrv - ok
19:32:41.0691 1732 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:32:41.0698 1732 b57nd60a - ok
19:32:41.0711 1732 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:32:41.0718 1732 BDESVC - ok
19:32:41.0719 1732 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:32:41.0737 1732 Beep - ok
19:32:41.0758 1732 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:32:41.0779 1732 BFE - ok
19:32:41.0811 1732 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:32:41.0833 1732 BITS - ok
19:32:41.0844 1732 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:32:41.0851 1732 blbdrive - ok
19:32:41.0900 1732 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:32:41.0917 1732 Bonjour Service - ok
19:32:41.0926 1732 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:32:41.0939 1732 bowser - ok
19:32:41.0949 1732 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:32:41.0959 1732 BrFiltLo - ok
19:32:41.0962 1732 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:32:41.0972 1732 BrFiltUp - ok
19:32:41.0989 1732 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:32:41.0996 1732 Browser - ok
19:32:42.0000 1732 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:32:42.0007 1732 Brserid - ok
19:32:42.0010 1732 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:32:42.0018 1732 BrSerWdm - ok
19:32:42.0019 1732 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:32:42.0027 1732 BrUsbMdm - ok
19:32:42.0029 1732 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:32:42.0034 1732 BrUsbSer - ok
19:32:42.0072 1732 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:32:42.0084 1732 BthEnum - ok
19:32:42.0088 1732 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:32:42.0105 1732 BTHMODEM - ok
19:32:42.0109 1732 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:32:42.0124 1732 BthPan - ok
19:32:42.0136 1732 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:32:42.0145 1732 BTHPORT - ok
19:32:42.0152 1732 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:32:42.0170 1732 bthserv - ok
19:32:42.0184 1732 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:32:42.0190 1732 BTHUSB - ok
19:32:42.0201 1732 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:32:42.0219 1732 cdfs - ok
19:32:42.0233 1732 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:32:42.0240 1732 cdrom - ok
19:32:42.0256 1732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:32:42.0273 1732 CertPropSvc - ok
19:32:42.0289 1732 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:32:42.0296 1732 circlass - ok
19:32:42.0315 1732 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:32:42.0323 1732 CLFS - ok
19:32:42.0357 1732 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:32:42.0362 1732 clr_optimization_v2.0.50727_32 - ok
19:32:42.0397 1732 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:32:42.0408 1732 clr_optimization_v2.0.50727_64 - ok
19:32:42.0479 1732 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:32:42.0489 1732 clr_optimization_v4.0.30319_32 - ok
19:32:42.0513 1732 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:32:42.0521 1732 clr_optimization_v4.0.30319_64 - ok
19:32:42.0524 1732 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:32:42.0534 1732 CmBatt - ok
19:32:42.0548 1732 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:32:42.0553 1732 cmdide - ok
19:32:42.0582 1732 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:32:42.0593 1732 CNG - ok
19:32:42.0601 1732 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:32:42.0606 1732 Compbatt - ok
19:32:42.0627 1732 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:32:42.0634 1732 CompositeBus - ok
19:32:42.0636 1732 COMSysApp - ok
19:32:42.0649 1732 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:32:42.0654 1732 crcdisk - ok
19:32:42.0681 1732 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:32:42.0688 1732 CryptSvc - ok
19:32:42.0706 1732 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:32:42.0715 1732 CSC - ok
19:32:42.0737 1732 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:32:42.0747 1732 CscService - ok
19:32:42.0767 1732 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
19:32:42.0772 1732 CVirtA - ok
19:32:42.0828 1732 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:32:42.0853 1732 CVPND - ok
19:32:42.0864 1732 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:32:42.0871 1732 CVPNDRVA - ok
19:32:42.0894 1732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:32:42.0914 1732 DcomLaunch - ok
19:32:42.0937 1732 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:32:42.0956 1732 defragsvc - ok
19:32:42.0967 1732 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:32:42.0985 1732 DfsC - ok
19:32:43.0005 1732 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:32:43.0013 1732 Dhcp - ok
19:32:43.0020 1732 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:32:43.0038 1732 discache - ok
19:32:43.0062 1732 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:32:43.0069 1732 Disk - ok
19:32:43.0079 1732 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:32:43.0086 1732 dmvsc - ok
19:32:43.0118 1732 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
19:32:43.0130 1732 DNE - ok
19:32:43.0140 1732 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:32:43.0149 1732 Dnscache - ok
19:32:43.0164 1732 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:32:43.0187 1732 dot3svc - ok
19:32:43.0198 1732 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:32:43.0217 1732 DPS - ok
19:32:43.0229 1732 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:32:43.0236 1732 drmkaud - ok
19:32:43.0253 1732 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:32:43.0260 1732 dtsoftbus01 - ok
19:32:43.0277 1732 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:32:43.0289 1732 DXGKrnl - ok
19:32:43.0311 1732 [ E53D32044F4A03D64D6C91CF0A22A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
19:32:43.0319 1732 e1cexpress - ok
19:32:43.0334 1732 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:32:43.0353 1732 EapHost - ok
19:32:43.0409 1732 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:32:43.0437 1732 ebdrv - ok
19:32:43.0461 1732 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:32:43.0468 1732 EFS - ok
19:32:43.0517 1732 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:32:43.0539 1732 ehRecvr - ok
19:32:43.0550 1732 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:32:43.0564 1732 ehSched - ok
19:32:43.0587 1732 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:32:43.0598 1732 elxstor - ok
19:32:43.0607 1732 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:32:43.0614 1732 ErrDev - ok
19:32:43.0629 1732 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:32:43.0655 1732 EventSystem - ok
19:32:43.0657 1732 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:32:43.0676 1732 exfat - ok
19:32:43.0679 1732 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:32:43.0698 1732 fastfat - ok
19:32:43.0716 1732 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:32:43.0725 1732 Fax - ok
19:32:43.0736 1732 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:32:43.0742 1732 fdc - ok
19:32:43.0759 1732 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:32:43.0777 1732 fdPHost - ok
19:32:43.0786 1732 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:32:43.0804 1732 FDResPub - ok
19:32:43.0813 1732 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:32:43.0819 1732 FileInfo - ok
19:32:43.0826 1732 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:32:43.0844 1732 Filetrace - ok
19:32:43.0850 1732 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:32:43.0856 1732 flpydisk - ok
19:32:43.0870 1732 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:32:43.0877 1732 FltMgr - ok
19:32:43.0907 1732 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:32:43.0920 1732 FontCache - ok
19:32:43.0955 1732 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:32:43.0965 1732 FontCache3.0.0.0 - ok
19:32:43.0973 1732 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:32:43.0984 1732 FsDepends - ok
19:32:43.0994 1732 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:32:43.0999 1732 Fs_Rec - ok
19:32:44.0018 1732 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:32:44.0026 1732 fvevol - ok
19:32:44.0033 1732 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:32:44.0039 1732 gagp30kx - ok
19:32:44.0071 1732 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:32:44.0079 1732 GEARAspiWDM - ok
19:32:44.0110 1732 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:32:44.0154 1732 gpsvc - ok
19:32:44.0192 1732 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:32:44.0202 1732 gupdate - ok
19:32:44.0212 1732 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:32:44.0222 1732 gupdatem - ok
19:32:44.0234 1732 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:32:44.0241 1732 hcw85cir - ok
19:32:44.0267 1732 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:32:44.0278 1732 HdAudAddService - ok
19:32:44.0292 1732 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:32:44.0302 1732 HDAudBus - ok
19:32:44.0304 1732 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:32:44.0311 1732 HidBatt - ok
19:32:44.0335 1732 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:32:44.0346 1732 HidBth - ok
19:32:44.0355 1732 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:32:44.0370 1732 HidIr - ok
19:32:44.0382 1732 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:32:44.0405 1732 hidserv - ok
19:32:44.0425 1732 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:32:44.0432 1732 HidUsb - ok
19:32:44.0442 1732 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:32:44.0472 1732 hkmsvc - ok
19:32:44.0487 1732 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:32:44.0495 1732 HomeGroupListener - ok
19:32:44.0512 1732 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:32:44.0520 1732 HomeGroupProvider - ok
19:32:44.0528 1732 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:32:44.0534 1732 HpSAMD - ok
19:32:44.0564 1732 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:32:44.0587 1732 HTTP - ok
19:32:44.0600 1732 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:32:44.0605 1732 hwpolicy - ok
19:32:44.0623 1732 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:32:44.0630 1732 i8042prt - ok
19:32:44.0647 1732 [ 87A72502C8AC5E89B5A46FF6E874F5C5 ] IAMTVE C:\Windows\system32\drivers\IAMTVE.sys
19:32:44.0658 1732 IAMTVE - ok
19:32:44.0662 1732 [ 5516F8E518A2F6A8755498F3E73957CF ] IAMTXPE C:\Windows\system32\drivers\IAMTXPE.sys
19:32:44.0672 1732 IAMTXPE - ok
19:32:44.0689 1732 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:32:44.0697 1732 iaStor - ok
19:32:44.0708 1732 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:32:44.0716 1732 iaStorV - ok
19:32:44.0748 1732 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:32:44.0759 1732 idsvc - ok
19:32:44.0818 1732 [ 8A74BC4483C3CC5CCA02A2FBC280A564 ] IFXSpMgtSrv C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe
19:32:44.0845 1732 IFXSpMgtSrv - ok
19:32:44.0864 1732 [ BBE0BDB5ACB449F7DCDAF050AB33745E ] IFXTCS C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe
19:32:44.0877 1732 IFXTCS - ok
19:32:45.0076 1732 [ 983D0CA946ACA5240F2FBBAF44802912 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:32:45.0169 1732 igfx ( UnsignedFile.Multi.Generic ) - warning
19:32:45.0169 1732 igfx - detected UnsignedFile.Multi.Generic (1)
19:32:45.0180 1732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:32:45.0185 1732 iirsp - ok
19:32:45.0222 1732 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:32:45.0255 1732 IKEEXT - ok
19:32:45.0273 1732 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:32:45.0277 1732 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
19:32:45.0277 1732 IntcDAud - detected UnsignedFile.Multi.Generic (1)
19:32:45.0307 1732 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:32:45.0327 1732 Intel(R) Capability Licensing Service Interface - ok
19:32:45.0335 1732 [ FE098EF3DB8E8064CF6BE4CA6DD1FDF0 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
19:32:45.0342 1732 Intel(R) PROSet Monitoring Service - ok
19:32:45.0352 1732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:32:45.0357 1732 intelide - ok
19:32:45.0366 1732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:32:45.0373 1732 intelppm - ok
19:32:45.0386 1732 [ E45575812630B049CE0F679D87561A4D ] ioatdma1 C:\Windows\System32\Drivers\qd162x64.sys
19:32:45.0391 1732 ioatdma1 - ok
19:32:45.0407 1732 [ 2C23820DD9E81199E60F553EB50BC449 ] ioatdma2 C:\Windows\System32\Drivers\qd262x64.sys
19:32:45.0411 1732 ioatdma2 - ok
19:32:45.0434 1732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:32:45.0464 1732 IPBusEnum - ok
19:32:45.0474 1732 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:32:45.0492 1732 IpFilterDriver - ok
19:32:45.0515 1732 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:32:45.0524 1732 iphlpsvc - ok
19:32:45.0527 1732 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:32:45.0533 1732 IPMIDRV - ok
19:32:45.0541 1732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:32:45.0559 1732 IPNAT - ok
19:32:45.0580 1732 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:32:45.0589 1732 iPod Service - ok
19:32:45.0595 1732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:32:45.0604 1732 IRENUM - ok
19:32:45.0613 1732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:32:45.0618 1732 isapnp - ok
19:32:45.0630 1732 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:32:45.0637 1732 iScsiPrt - ok
19:32:45.0651 1732 [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys
19:32:45.0656 1732 iusb3hcs - ok
19:32:45.0670 1732 [ 023896E23B61543A15A230EED996D911 ] iusb3hub C:\Windows\system32\drivers\iusb3hub.sys
19:32:45.0678 1732 iusb3hub - ok
19:32:45.0685 1732 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc C:\Windows\system32\drivers\iusb3xhc.sys
19:32:45.0696 1732 iusb3xhc - ok
19:32:45.0759 1732 [ 16FB3C63287DC1E0061101012844F26F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:32:45.0771 1732 jhi_service - ok
19:32:45.0781 1732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:32:45.0791 1732 kbdclass - ok
19:32:45.0802 1732 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:32:45.0812 1732 kbdhid - ok
19:32:45.0817 1732 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:32:45.0824 1732 KeyIso - ok
19:32:45.0840 1732 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:32:45.0847 1732 KSecDD - ok
19:32:45.0863 1732 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:32:45.0870 1732 KSecPkg - ok
19:32:45.0878 1732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:32:45.0898 1732 ksthunk - ok
19:32:45.0928 1732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:32:45.0964 1732 KtmRm - ok
19:32:45.0994 1732 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:32:46.0029 1732 LanmanServer - ok
19:32:46.0056 1732 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:32:46.0089 1732 LanmanWorkstation - ok
19:32:46.0112 1732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:32:46.0130 1732 lltdio - ok
19:32:46.0151 1732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:32:46.0171 1732 lltdsvc - ok
19:32:46.0186 1732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:32:46.0204 1732 lmhosts - ok
19:32:46.0282 1732 [ 8D7E37CDE7393D59C46A3A61D30C6228 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:32:46.0296 1732 LMS - ok
19:32:46.0317 1732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:32:46.0330 1732 LSI_FC - ok
19:32:46.0344 1732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:32:46.0355 1732 LSI_SAS - ok
19:32:46.0370 1732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:32:46.0378 1732 LSI_SAS2 - ok
19:32:46.0389 1732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:32:46.0398 1732 LSI_SCSI - ok
19:32:46.0416 1732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:32:46.0443 1732 luafv - ok
19:32:46.0459 1732 magicpvt - ok
19:32:46.0495 1732 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:32:46.0506 1732 MBAMProtector - ok
19:32:46.0529 1732 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:32:46.0540 1732 MBAMScheduler - ok
19:32:46.0575 1732 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:32:46.0590 1732 MBAMService - ok
19:32:46.0603 1732 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:32:46.0614 1732 Mcx2Svc - ok
19:32:46.0619 1732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:32:46.0627 1732 megasas - ok
19:32:46.0652 1732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:32:46.0663 1732 MegaSR - ok
19:32:46.0683 1732 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:32:46.0690 1732 MEIx64 - ok
19:32:46.0711 1732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:32:46.0739 1732 MMCSS - ok
19:32:46.0749 1732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:32:46.0768 1732 Modem - ok
19:32:46.0780 1732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:32:46.0788 1732 monitor - ok
19:32:46.0810 1732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:32:46.0816 1732 mouclass - ok
19:32:46.0827 1732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:32:46.0834 1732 mouhid - ok
19:32:46.0842 1732 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:32:46.0848 1732 mountmgr - ok
19:32:46.0891 1732 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:32:46.0901 1732 MozillaMaintenance - ok
19:32:46.0916 1732 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:32:46.0930 1732 mpio - ok
19:32:46.0944 1732 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:32:46.0984 1732 mpsdrv - ok
19:32:47.0001 1732 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:32:47.0023 1732 MpsSvc - ok
19:32:47.0026 1732 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:32:47.0036 1732 MRxDAV - ok
19:32:47.0053 1732 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:47.0059 1732 mrxsmb - ok
19:32:47.0071 1732 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:47.0079 1732 mrxsmb10 - ok
19:32:47.0089 1732 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:47.0096 1732 mrxsmb20 - ok
19:32:47.0107 1732 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:32:47.0113 1732 msahci - ok
19:32:47.0126 1732 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:32:47.0132 1732 msdsm - ok
19:32:47.0144 1732 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:32:47.0152 1732 MSDTC - ok
19:32:47.0162 1732 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:32:47.0180 1732 Msfs - ok
19:32:47.0190 1732 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:32:47.0208 1732 mshidkmdf - ok
19:32:47.0218 1732 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:32:47.0223 1732 msisadrv - ok
19:32:47.0248 1732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:32:47.0283 1732 MSiSCSI - ok
19:32:47.0285 1732 msiserver - ok
19:32:47.0303 1732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:32:47.0321 1732 MSKSSRV - ok
19:32:47.0333 1732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:47.0351 1732 MSPCLOCK - ok
19:32:47.0352 1732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:32:47.0370 1732 MSPQM - ok
19:32:47.0374 1732 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:32:47.0382 1732 MsRPC - ok
19:32:47.0404 1732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:32:47.0410 1732 mssmbios - ok
19:32:47.0411 1732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:32:47.0429 1732 MSTEE - ok
19:32:47.0431 1732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:32:47.0437 1732 MTConfig - ok
19:32:47.0441 1732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:32:47.0447 1732 Mup - ok
19:32:47.0464 1732 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\drivers\mv91xx.sys
19:32:47.0470 1732 mv91xx - ok
19:32:47.0497 1732 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:32:47.0517 1732 napagent - ok
19:32:47.0540 1732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:32:47.0550 1732 NativeWifiP - ok
19:32:47.0577 1732 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:32:47.0589 1732 NDIS - ok
19:32:47.0596 1732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:32:47.0614 1732 NdisCap - ok
19:32:47.0623 1732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:47.0641 1732 NdisTapi - ok
19:32:47.0649 1732 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:47.0666 1732 Ndisuio - ok
19:32:47.0678 1732 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:47.0697 1732 NdisWan - ok
19:32:47.0703 1732 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:32:47.0720 1732 NDProxy - ok
19:32:47.0738 1732 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:32:47.0741 1732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:32:47.0741 1732 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:32:47.0752 1732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:32:47.0770 1732 NetBIOS - ok
19:32:47.0784 1732 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:32:47.0803 1732 NetBT - ok
19:32:47.0805 1732 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:32:47.0811 1732 Netlogon - ok
19:32:47.0841 1732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:32:47.0862 1732 Netman - ok
19:32:47.0872 1732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:32:47.0892 1732 netprofm - ok
19:32:47.0914 1732 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:32:47.0919 1732 NetTcpPortSharing - ok
19:32:47.0940 1732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:32:47.0946 1732 nfrd960 - ok
19:32:47.0963 1732 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:32:47.0971 1732 NlaSvc - ok
19:32:47.0984 1732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:32:48.0002 1732 Npfs - ok
19:32:48.0015 1732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:32:48.0033 1732 nsi - ok
19:32:48.0045 1732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:32:48.0063 1732 nsiproxy - ok
19:32:48.0099 1732 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:32:48.0130 1732 Ntfs - ok
19:32:48.0135 1732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:32:48.0153 1732 Null - ok
19:32:48.0167 1732 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:32:48.0173 1732 nvraid - ok
19:32:48.0185 1732 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:32:48.0191 1732 nvstor - ok
19:32:48.0204 1732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:32:48.0212 1732 nv_agp - ok
19:32:48.0219 1732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:32:48.0225 1732 ohci1394 - ok
19:32:48.0244 1732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:32:48.0252 1732 p2pimsvc - ok
19:32:48.0264 1732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:32:48.0272 1732 p2psvc - ok
19:32:48.0287 1732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:32:48.0293 1732 Parport - ok
19:32:48.0298 1732 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:32:48.0304 1732 partmgr - ok
19:32:48.0307 1732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:32:48.0317 1732 PcaSvc - ok
19:32:48.0334 1732 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:32:48.0341 1732 pci - ok
19:32:48.0348 1732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:32:48.0353 1732 pciide - ok
19:32:48.0367 1732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:32:48.0374 1732 pcmcia - ok
19:32:48.0383 1732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:32:48.0388 1732 pcw - ok
19:32:48.0394 1732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:32:48.0416 1732 PEAUTH - ok
19:32:48.0439 1732 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:32:48.0452 1732 PeerDistSvc - ok
19:32:48.0509 1732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:32:48.0519 1732 PerfHost - ok
19:32:48.0533 1732 [ F20612DF7E12DE3A087D0F44CC545FB1 ] PersonalSecureDrive C:\Windows\System32\drivers\psd.sys
19:32:48.0538 1732 PersonalSecureDrive - ok
19:32:48.0551 1732 [ 6C23F664642D454677223926D8C2A5BA ] PersonalSecureDriveService C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
19:32:48.0558 1732 PersonalSecureDriveService - ok
19:32:48.0583 1732 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:32:48.0613 1732 pla - ok
19:32:48.0646 1732 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:32:48.0655 1732 PlugPlay - ok
19:32:48.0671 1732 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:32:48.0674 1732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:32:48.0674 1732 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:32:48.0684 1732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:32:48.0690 1732 PNRPAutoReg - ok
19:32:48.0701 1732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:32:48.0709 1732 PNRPsvc - ok
19:32:48.0729 1732 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:32:48.0749 1732 PolicyAgent - ok
19:32:48.0753 1732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:32:48.0773 1732 Power - ok
19:32:48.0795 1732 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:32:48.0812 1732 PptpMiniport - ok
19:32:48.0824 1732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:32:48.0830 1732 Processor - ok
19:32:48.0850 1732 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:32:48.0858 1732 ProfSvc - ok
19:32:48.0864 1732 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:48.0870 1732 ProtectedStorage - ok
19:32:48.0888 1732 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:32:48.0906 1732 Psched - ok
19:32:48.0953 1732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:32:48.0979 1732 ql2300 - ok
19:32:48.0996 1732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:32:49.0004 1732 ql40xx - ok
19:32:49.0018 1732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:32:49.0032 1732 QWAVE - ok
19:32:49.0040 1732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:32:49.0051 1732 QWAVEdrv - ok
19:32:49.0063 1732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:32:49.0081 1732 RasAcd - ok
19:32:49.0099 1732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:49.0118 1732 RasAgileVpn - ok
19:32:49.0139 1732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:32:49.0158 1732 RasAuto - ok
19:32:49.0173 1732 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:49.0191 1732 Rasl2tp - ok
19:32:49.0211 1732 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:32:49.0230 1732 RasMan - ok
19:32:49.0240 1732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:49.0258 1732 RasPppoe - ok
19:32:49.0279 1732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:32:49.0298 1732 RasSstp - ok
19:32:49.0305 1732 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:32:49.0323 1732 rdbss - ok
19:32:49.0330 1732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:32:49.0338 1732 rdpbus - ok
19:32:49.0350 1732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:49.0368 1732 RDPCDD - ok
19:32:49.0377 1732 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:32:49.0383 1732 RDPDR - ok
19:32:49.0392 1732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:32:49.0409 1732 RDPENCDD - ok
19:32:49.0416 1732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:32:49.0434 1732 RDPREFMP - ok
19:32:49.0460 1732 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:32:49.0466 1732 RdpVideoMiniport - ok
19:32:49.0484 1732 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:32:49.0499 1732 RDPWD - ok
19:32:49.0504 1732 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:32:49.0519 1732 rdyboost - ok
19:32:49.0539 1732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:32:49.0572 1732 RemoteAccess - ok
19:32:49.0585 1732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:32:49.0607 1732 RemoteRegistry - ok
19:32:49.0617 1732 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:32:49.0626 1732 RFCOMM - ok
19:32:49.0641 1732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:32:49.0662 1732 RpcEptMapper - ok
19:32:49.0677 1732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:32:49.0685 1732 RpcLocator - ok
19:32:49.0697 1732 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:32:49.0720 1732 RpcSs - ok
19:32:49.0728 1732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:32:49.0748 1732 rspndr - ok
19:32:49.0783 1732 [ 4D865E1343AA96641D3F90609D794918 ] RSUSBCCID C:\Windows\system32\DRIVERS\RtsUCcid.sys
19:32:49.0794 1732 RSUSBCCID - ok
19:32:49.0814 1732 [ A48F861547FDD1D68201C9216ACFE6DC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:32:49.0828 1732 RSUSBSTOR - ok
19:32:49.0843 1732 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:32:49.0855 1732 s3cap - ok
19:32:49.0864 1732 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:32:49.0877 1732 SamSs - ok
19:32:49.0891 1732 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:32:49.0901 1732 sbp2port - ok
19:32:49.0918 1732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:32:49.0951 1732 SCardSvr - ok
19:32:49.0957 1732 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:32:49.0975 1732 scfilter - ok
19:32:49.0994 1732 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:32:50.0018 1732 Schedule - ok
19:32:50.0033 1732 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:32:50.0050 1732 SCPolicySvc - ok
19:32:50.0060 1732 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:32:50.0067 1732 SDRSVC - ok
19:32:50.0086 1732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:32:50.0104 1732 secdrv - ok
19:32:50.0112 1732 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:32:50.0130 1732 seclogon - ok
19:32:50.0145 1732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:32:50.0163 1732 SENS - ok
19:32:50.0176 1732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:32:50.0183 1732 SensrSvc - ok
19:32:50.0209 1732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:32:50.0215 1732 Serenum - ok
19:32:50.0237 1732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:32:50.0244 1732 Serial - ok
19:32:50.0258 1732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:32:50.0265 1732 sermouse - ok
19:32:50.0279 1732 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:32:50.0297 1732 SessionEnv - ok
19:32:50.0299 1732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:32:50.0306 1732 sffdisk - ok
19:32:50.0308 1732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:32:50.0316 1732 sffp_mmc - ok
19:32:50.0317 1732 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:32:50.0325 1732 sffp_sd - ok
19:32:50.0326 1732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:32:50.0333 1732 sfloppy - ok
19:32:50.0354 1732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:32:50.0374 1732 SharedAccess - ok
19:32:50.0394 1732 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:50.0413 1732 ShellHWDetection - ok
19:32:50.0423 1732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:32:50.0429 1732 SiSRaid2 - ok
19:32:50.0437 1732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:32:50.0443 1732 SiSRaid4 - ok
19:32:50.0464 1732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:32:50.0482 1732 Smb - ok
19:32:50.0497 1732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:32:50.0504 1732 SNMPTRAP - ok
19:32:50.0523 1732 [ 3E7DAC77950F559872DE78B080E8F119 ] SNXPPAMD C:\Windows\system32\drivers\snxppamd.sys
19:32:50.0528 1732 SNXPPAMD - ok
19:32:50.0566 1732 [ 84330C000E122356EBB5BF08D904FE03 ] SNXPSAMD C:\Windows\system32\drivers\snxpsamd.sys
19:32:50.0571 1732 SNXPSAMD - ok
19:32:50.0580 1732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:32:50.0585 1732 spldr - ok
19:32:50.0610 1732 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:32:50.0620 1732 Spooler - ok
19:32:50.0672 1732 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:32:50.0709 1732 sppsvc - ok
19:32:50.0719 1732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:32:50.0738 1732 sppuinotify - ok
19:32:50.0789 1732 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\System32\Drivers\sptd.sys
19:32:50.0808 1732 sptd - ok
19:32:50.0834 1732 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:32:50.0848 1732 srv - ok
19:32:50.0854 1732 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:32:50.0865 1732 srv2 - ok
19:32:50.0890 1732 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:32:50.0899 1732 srvnet - ok
19:32:50.0925 1732 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:32:50.0950 1732 SSDPSRV - ok
19:32:50.0953 1732 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:32:50.0972 1732 SstpSvc - ok
19:32:51.0027 1732 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
19:32:51.0047 1732 StarMoney 8.0 OnlineUpdate - ok
19:32:51.0088 1732 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
19:32:51.0096 1732 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
19:32:51.0096 1732 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
19:32:51.0105 1732 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:32:51.0116 1732 stexstor - ok
19:32:51.0145 1732 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:32:51.0171 1732 stisvc - ok
19:32:51.0183 1732 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:32:51.0191 1732 storflt - ok
19:32:51.0220 1732 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:32:51.0228 1732 StorSvc - ok
19:32:51.0243 1732 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:32:51.0250 1732 storvsc - ok
19:32:51.0259 1732 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:32:51.0266 1732 swenum - ok
19:32:51.0281 1732 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:32:51.0308 1732 swprv - ok
19:32:51.0330 1732 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:32:51.0348 1732 SysMain - ok
19:32:51.0356 1732 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:51.0365 1732 TabletInputService - ok
19:32:51.0392 1732 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:32:51.0428 1732 TapiSrv - ok
19:32:51.0444 1732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:32:51.0463 1732 TBS - ok
19:32:51.0504 1732 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:32:51.0523 1732 Tcpip - ok
19:32:51.0554 1732 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:32:51.0573 1732 TCPIP6 - ok
19:32:51.0592 1732 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:32:51.0599 1732 tcpipreg - ok
19:32:51.0609 1732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:32:51.0615 1732 TDPIPE - ok
19:32:51.0618 1732 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:32:51.0623 1732 TDTCP - ok
19:32:51.0637 1732 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:32:51.0655 1732 tdx - ok
19:32:51.0675 1732 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:32:51.0681 1732 TermDD - ok
19:32:51.0696 1732 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:32:51.0717 1732 TermService - ok
19:32:51.0727 1732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:32:51.0736 1732 Themes - ok
19:32:51.0740 1732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:32:51.0759 1732 THREADORDER - ok
19:32:51.0766 1732 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
19:32:51.0772 1732 TPM - ok
19:32:51.0781 1732 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:32:51.0800 1732 TrkWks - ok
19:32:51.0835 1732 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:51.0853 1732 TrustedInstaller - ok
19:32:51.0863 1732 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:51.0880 1732 tssecsrv - ok
19:32:51.0898 1732 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:32:51.0904 1732 TsUsbFlt - ok
19:32:51.0924 1732 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:32:51.0930 1732 TsUsbGD - ok
19:32:51.0949 1732 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:32:51.0978 1732 tunnel - ok
19:32:51.0992 1732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:32:51.0999 1732 uagp35 - ok
19:32:52.0013 1732 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:32:52.0038 1732 udfs - ok
19:32:52.0061 1732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:32:52.0071 1732 UI0Detect - ok
19:32:52.0082 1732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:32:52.0090 1732 uliagpkx - ok
19:32:52.0100 1732 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:32:52.0109 1732 umbus - ok
19:32:52.0120 1732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:32:52.0128 1732 UmPass - ok
19:32:52.0145 1732 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:32:52.0154 1732 UmRdpService - ok
19:32:52.0195 1732 [ F8626F1D56FA417C3B4AB6114D8471D5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:32:52.0204 1732 UNS - ok
19:32:52.0214 1732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:32:52.0239 1732 upnphost - ok
19:32:52.0267 1732 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:32:52.0273 1732 USBAAPL64 - ok
19:32:52.0282 1732 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:52.0288 1732 usbccgp - ok
19:32:52.0304 1732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:32:52.0312 1732 usbcir - ok
19:32:52.0326 1732 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:32:52.0332 1732 usbehci - ok
19:32:52.0344 1732 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
19:32:52.0351 1732 usbhub - ok
19:32:52.0361 1732 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:32:52.0367 1732 usbohci - ok
19:32:52.0386 1732 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:32:52.0394 1732 usbprint - ok
19:32:52.0418 1732 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:32:52.0426 1732 usbscan - ok
19:32:52.0436 1732 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:52.0443 1732 USBSTOR - ok
19:32:52.0445 1732 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:32:52.0451 1732 usbuhci - ok
19:32:52.0464 1732 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:32:52.0472 1732 usbvideo - ok
19:32:52.0481 1732 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:32:52.0499 1732 UxSms - ok
19:32:52.0503 1732 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:32:52.0510 1732 VaultSvc - ok
19:32:52.0523 1732 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:32:52.0528 1732 vdrvroot - ok
19:32:52.0549 1732 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:32:52.0570 1732 vds - ok
19:32:52.0586 1732 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:52.0594 1732 vga - ok
19:32:52.0601 1732 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:32:52.0619 1732 VgaSave - ok
19:32:52.0622 1732 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:32:52.0628 1732 vhdmp - ok
19:32:52.0668 1732 [ E066AA9C9866C2001372486A6841108C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:32:52.0689 1732 VIAHdAudAddService - ok
19:32:52.0701 1732 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:32:52.0706 1732 viaide - ok
19:32:52.0716 1732 [ 1236737C7993FB462610E1A0AA92C40B ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:32:52.0721 1732 VIAKaraokeService - ok
19:32:52.0750 1732 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:32:52.0756 1732 vmbus - ok
19:32:52.0765 1732 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:32:52.0771 1732 VMBusHID - ok
19:32:52.0797 1732 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:32:52.0802 1732 volmgr - ok
19:32:52.0807 1732 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:32:52.0814 1732 volmgrx - ok
19:32:52.0832 1732 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:32:52.0839 1732 volsnap - ok
19:32:52.0863 1732 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:32:52.0869 1732 vsmraid - ok
19:32:52.0901 1732 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:32:52.0927 1732 VSS - ok
19:32:52.0941 1732 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:32:52.0949 1732 vwifibus - ok
19:32:52.0959 1732 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:32:52.0979 1732 W32Time - ok
19:32:52.0990 1732 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:32:52.0996 1732 WacomPen - ok
19:32:53.0011 1732 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:32:53.0028 1732 WANARP - ok
19:32:53.0030 1732 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:32:53.0048 1732 Wanarpv6 - ok
19:32:53.0077 1732 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:32:53.0092 1732 wbengine - ok
19:32:53.0108 1732 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:32:53.0118 1732 WbioSrvc - ok
19:32:53.0130 1732 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:32:53.0141 1732 wcncsvc - ok
19:32:53.0148 1732 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:32:53.0155 1732 WcsPlugInService - ok
19:32:53.0163 1732 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:32:53.0168 1732 Wd - ok
19:32:53.0191 1732 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:32:53.0203 1732 Wdf01000 - ok
19:32:53.0209 1732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:32:53.0218 1732 WdiServiceHost - ok
19:32:53.0220 1732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:32:53.0230 1732 WdiSystemHost - ok
19:32:53.0238 1732 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:32:53.0248 1732 WebClient - ok
19:32:53.0258 1732 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:32:53.0278 1732 Wecsvc - ok
19:32:53.0286 1732 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:32:53.0304 1732 wercplsupport - ok
19:32:53.0312 1732 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:32:53.0330 1732 WerSvc - ok
19:32:53.0341 1732 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:32:53.0359 1732 WfpLwf - ok
19:32:53.0372 1732 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:32:53.0377 1732 WIMMount - ok
19:32:53.0393 1732 WinDefend - ok
19:32:53.0404 1732 WinHttpAutoProxySvc - ok
19:32:53.0427 1732 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:32:53.0446 1732 Winmgmt - ok
19:32:53.0482 1732 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:32:53.0510 1732 WinRM - ok
19:32:53.0529 1732 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
19:32:53.0536 1732 WinUsb - ok
19:32:53.0553 1732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:32:53.0567 1732 Wlansvc - ok
19:32:53.0582 1732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:32:53.0588 1732 WmiAcpi - ok
19:32:53.0620 1732 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:32:53.0636 1732 wmiApSrv - ok
19:32:53.0669 1732 WMPNetworkSvc - ok
19:32:53.0688 1732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:32:53.0701 1732 WPCSvc - ok
19:32:53.0711 1732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:32:53.0728 1732 WPDBusEnum - ok
19:32:53.0742 1732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:32:53.0766 1732 ws2ifsl - ok
19:32:53.0776 1732 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:32:53.0786 1732 wscsvc - ok
19:32:53.0787 1732 WSearch - ok
19:32:53.0843 1732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:32:53.0872 1732 wuauserv - ok
19:32:53.0885 1732 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:32:53.0892 1732 WudfPf - ok
19:32:53.0910 1732 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:53.0917 1732 WUDFRd - ok
19:32:53.0939 1732 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:32:53.0947 1732 wudfsvc - ok
19:32:53.0963 1732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:32:53.0975 1732 WwanSvc - ok
19:32:53.0978 1732 ================ Scan global ===============================
19:32:53.0987 1732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:32:54.0002 1732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:32:54.0006 1732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:32:54.0019 1732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:32:54.0033 1732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:32:54.0035 1732 [Global] - ok
19:32:54.0035 1732 ================ Scan MBR ==================================
19:32:54.0044 1732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:32:54.0245 1732 \Device\Harddisk0\DR0 - ok
19:32:54.0263 1732 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
19:32:54.0467 1732 \Device\Harddisk1\DR1 - ok
19:32:54.0468 1732 ================ Scan VBR ==================================
19:32:54.0477 1732 [ 328B605CAB7ABCBCD8C38186A9F9AB4C ] \Device\Harddisk0\DR0\Partition1
19:32:54.0479 1732 \Device\Harddisk0\DR0\Partition1 - ok
19:32:54.0494 1732 [ 82327CCE74D72463C73E760473A17A44 ] \Device\Harddisk0\DR0\Partition2
19:32:54.0496 1732 \Device\Harddisk0\DR0\Partition2 - ok
19:32:54.0516 1732 [ C952E05E541F3BF7EBD70C35A3B90904 ] \Device\Harddisk0\DR0\Partition3
19:32:54.0519 1732 \Device\Harddisk0\DR0\Partition3 - ok
19:32:54.0521 1732 [ BEDE4E960F1C1DBE2377DD6727208A1F ] \Device\Harddisk1\DR1\Partition1
19:32:54.0523 1732 \Device\Harddisk1\DR1\Partition1 - ok
19:32:54.0525 1732 [ FC541B4AD42B470D0095563830438383 ] \Device\Harddisk1\DR1\Partition2
19:32:54.0527 1732 \Device\Harddisk1\DR1\Partition2 - ok
19:32:54.0542 1732 [ C0B08E51A1D964EAE271CB4212F24E2B ] \Device\Harddisk1\DR1\Partition3
19:32:54.0543 1732 \Device\Harddisk1\DR1\Partition3 - ok
19:32:54.0543 1732 ============================================================
19:32:54.0543 1732 Scan finished
19:32:54.0543 1732 ============================================================
19:32:54.0552 1512 Detected object count: 6
19:32:54.0552 1512 Actual detected object count: 6
19:33:05.0802 1512 assd ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0802 1512 assd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:05.0802 1512 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0803 1512 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:05.0804 1512 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0804 1512 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:05.0805 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0805 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:05.0806 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0806 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:05.0807 1512 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:05.0807 1512 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:08.0595 2624 Deinitialize success
Gruß Schöffi |
|
30.04.2013, 22:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.05.2013, 08:57
| #9 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Guten Morgen Cosinus, hier das log von combofix Code:
ATTFilter ComboFix 13-04-29.01 - Schoeffi1 01.05.2013 9:16.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8131.6233 [GMT 2:00]
ausgeführt von:: c:\users\Schoeffi1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
D:\install.exe
G:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-01 bis 2013-05-01 ))))))))))))))))))))))))))))))
.
.
2013-05-01 07:19 . 2013-05-01 07:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-24 17:22 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 18:06 . 2013-04-23 18:07 -------- d-----w- c:\users\Schoeffi1\AppData\Local\Google
2013-04-23 18:06 . 2013-04-23 18:07 -------- d-----w- c:\program files (x86)\Google
2013-04-23 18:06 . 2013-04-23 18:06 -------- d-----w- c:\users\Schoeffi1\AppData\Local\Deployment
2013-04-23 18:06 . 2013-04-23 18:06 -------- d-----w- c:\users\Schoeffi1\AppData\Local\Apps
2013-04-21 13:02 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-04-21 13:01 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-21 13:01 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-21 13:01 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-21 13:01 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-21 13:01 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-21 13:01 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-21 13:01 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-21 13:01 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-21 13:01 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-21 12:55 . 2013-04-21 14:06 -------- d-----w- c:\users\Schoeffi1\AppData\Local\ElevatedDiagnostics
2013-04-10 14:30 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 14:30 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 14:30 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 14:30 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 14:30 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:30 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:30 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 14:30 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 14:53 . 2012-12-09 15:25 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2013-02-17 17:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 15:37 . 2013-03-30 15:37 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-30 15:37 . 2013-03-30 15:37 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 15:37 . 2013-03-30 15:37 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-12 05:45 . 2013-03-13 14:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 14:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 14:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 14:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 14:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 14:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:51 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
1999-03-11 17:22 . 1999-03-11 17:22 99840 ----a-w- c:\program files (x86)\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files (x86)\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files (x86)\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files (x86)\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files (x86)\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files (x86)\Common Files\IRASRIAL.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-06-08 5123216]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"MagicRotation"="c:\program files (x86)\MagicRotation\MagicPvt.exe" [2009-09-15 1819648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Symantec Fax Starter Edition-Anschluss.lnk - c:\program files (x86)\Microsoft Office\Office\1031\OLFSNT40.EXE [1999-3-11 46080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys [2007-04-11 43416]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys [2007-04-11 51096]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-07-02 293416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\drivers\snxppamd.sys [2010-12-03 100728]
R3 SNXPSAMD;SUNIX Serial Port Driver;c:\windows\system32\drivers\snxpsamd.sys [2010-12-03 97144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-12-09 868848]
S0 assd;assd; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-05-20 19264]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 28600]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-25 283200]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2012-02-03 44576]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-14 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-06-01 920736]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-06-01 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-05-04 27760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-21 115216]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-05-20 789824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\DRIVERS\RtsUCcid.sys [2012-05-02 56936]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-19 222720]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-23 18:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23 18:06]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-23 18:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-01 09:20:38
ComboFix-quarantined-files.txt 2013-05-01 07:20
.
Vor Suchlauf: 12 Verzeichnis(se), 318.906.642.432 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 320.574.287.872 Bytes frei
.
- - End Of File - - D1523C92EFB52BAE474F8B3A100B68CE
|
|
01.05.2013, 21:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.05.2013, 11:47
| #11 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Hallo Cosinus, es hat etwas länger gedauert, war leider gesundheitlich verhindert ich hoffe du hilfst mir trotzdem weiterhin. So nun die logs: 1.Junkware Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Schoeffi1 on 09.05.2013 at 10:03:03,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Schoeffi1\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Schoeffi1\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Schoeffi1\appdata\locallow\delta"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 10:04:49,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. Log adw: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 09/05/2013 um 12:11:35 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Schoeffi1 - SCHOEFFI1-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schoeffi1\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\e57d78ce038ba17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\e57d78ce038ba17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [381 octets] - [09/05/2013 10:06:13]
AdwCleaner[S2].txt - [1191 octets] - [09/05/2013 12:11:35]
########## EOF - C:\AdwCleaner[S2].txt - [1251 octets] ##########
3. OTL.txt: Code:
ATTFilter OTL logfile created on: 09.05.2013 12:25:50 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schoeffi1\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,94 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,15% Memory free 15,88 Gb Paging File | 13,99 Gb Available in Paging File | 88,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 372,60 Gb Total Space | 297,79 Gb Free Space | 79,92% Space Free | Partition Type: NTFS Drive D: | 167,68 Gb Total Space | 76,61 Gb Free Space | 45,69% Space Free | Partition Type: NTFS Drive E: | 163,76 Gb Total Space | 98,00 Gb Free Space | 59,84% Space Free | Partition Type: NTFS Drive F: | 3,90 Gb Total Space | 0,83 Gb Free Space | 21,26% Space Free | Partition Type: FAT32 Drive G: | 545,81 Gb Total Space | 545,75 Gb Free Space | 99,99% Space Free | Partition Type: NTFS Computer Name: SCHOEFFI1-PC | User Name: Schoeffi1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Schoeffi1\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG) PRC - C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG) PRC - C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe (Infineon Technologies AG) PRC - C:\Program Files (x86)\Infineon\Security Platform Software\SpTna.exe (Infineon Technologies AG) PRC - C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe (Infineon Technologies AG) PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe () SRV - (IFXSpMgtSrv) -- C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe (Infineon Technologies AG) SRV - (PersonalSecureDriveService) -- C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe (Infineon Technologies AG) SRV - (IFXTCS) -- C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe (Infineon Technologies AG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (RSUSBCCID) -- C:\Windows\SysNative\drivers\RtsUCcid.sys (Realtek Semiconductor Corp.) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (PersonalSecureDrive) -- C:\Windows\SysNative\drivers\psd.sys (Infineon Technologies AG) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (assd) -- C:\Windows\SysNative\drivers\assd.sys (ASUS Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (SNXPSAMD) -- C:\Windows\SysNative\drivers\snxpsamd.sys (SUNIX Co., Ltd.) DRV:64bit: - (SNXPPAMD) -- C:\Windows\SysNative\drivers\snxppamd.sys (SUNIX Co., Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation) DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (IAMTVE) -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation) DRV:64bit: - (IAMTXPE) -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (magicpvt) -- C:\Windows\SysWOW64\drivers\magicpvt.sys (Samsung Electronics, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 18:10:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.18 12:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoeffi1\AppData\Roaming\Mozilla\Extensions [2013.03.26 18:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/webhp?source=search_app CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Docs = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Cute Kitten 2 = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc\1_0\ CHR - Extension: Google Mail = C:\Users\Schoeffi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.05.01 09:19:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [MagicRotation] C:\Program Files (x86)\MagicRotation\MagicPvt.exe (Samsung Electronics, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2079945266-1089852156-238628154-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37668DE0-F0C4-4214-9562-1E7B30E768BA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.23 18:54:56 | 000,000,000 | ---D | M] - C:\Autosys -- [ NTFS ] O32 - AutoRun File - [2009.11.29 18:40:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.09 10:03:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.09 10:02:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.09 10:00:12 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Schoeffi1\Desktop\JRT.exe [2013.05.07 18:02:24 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.01 10:11:52 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moorhuhn Kart 2 - XL [2013.05.01 10:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moorhuhn Kart 2 - XL [2013.05.01 09:53:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.01 09:39:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.01 09:15:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.01 09:15:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.01 09:15:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.01 09:15:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.01 09:15:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.01 09:12:09 | 005,061,928 | R--- | C] (Swearware) -- C:\Users\Schoeffi1\Desktop\ComboFix.exe [2013.04.30 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\Desktop\mbar [2013.04.30 18:45:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schoeffi1\Desktop\tdsskiller.exe [2013.04.30 18:38:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Schoeffi1\Desktop\aswMBR.exe [2013.04.24 19:37:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schoeffi1\Desktop\OTL.exe [2013.04.23 20:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.04.23 20:06:46 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\AppData\Local\Google [2013.04.23 20:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.04.23 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\AppData\Local\Deployment [2013.04.23 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\AppData\Local\Apps [2013.04.21 16:08:21 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.21 16:08:21 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.21 16:08:21 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.21 16:08:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.21 16:08:20 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.21 16:08:20 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.21 16:08:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.21 16:08:20 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.21 16:08:20 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.21 16:08:20 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.21 16:08:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.21 16:08:20 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.21 16:08:20 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.21 16:08:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.21 16:08:20 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.21 16:08:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.21 16:08:20 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.21 16:08:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.21 16:08:20 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.21 16:08:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.21 16:08:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.21 16:08:20 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.21 16:08:20 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.21 16:08:20 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.21 16:08:20 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.21 16:08:20 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.21 16:08:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.21 16:08:20 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.21 16:08:20 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.21 16:08:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.21 16:08:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.21 16:08:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.21 16:08:20 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.21 16:08:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.21 16:08:20 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.21 16:08:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.21 16:08:20 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.21 16:08:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.21 16:08:20 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.21 16:08:20 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.21 16:08:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.21 16:08:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.21 16:08:20 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.21 16:08:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.21 16:08:20 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.21 16:08:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.21 16:08:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.21 16:08:20 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.21 16:08:20 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.21 16:08:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.21 16:08:20 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.21 16:08:20 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.21 16:08:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.21 16:08:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.21 16:08:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.21 16:08:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.21 16:08:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.21 16:08:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.21 16:08:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.21 16:08:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.21 16:08:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.21 16:08:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.21 16:08:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.21 16:08:20 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.21 16:08:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.21 16:08:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.21 16:08:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.21 16:08:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.21 15:02:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.04.21 15:02:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.04.21 15:02:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.04.21 15:02:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.04.21 15:02:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.04.21 15:02:34 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.21 15:02:34 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.04.21 15:02:34 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.04.21 15:02:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.04.21 15:02:34 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.04.21 15:02:34 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.21 15:02:34 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.21 15:02:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.04.21 15:02:34 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.04.21 15:02:34 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.04.21 15:02:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.04.21 15:02:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.04.21 15:02:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.04.21 15:02:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.04.21 15:02:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.21 15:02:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.04.21 15:02:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.21 15:02:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.04.21 15:02:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.04.21 15:02:33 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.21 15:01:15 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.04.21 15:01:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.04.21 15:01:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.04.21 14:55:35 | 000,000,000 | ---D | C] -- C:\Users\Schoeffi1\AppData\Local\ElevatedDiagnostics [2013.04.21 14:55:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.04.10 16:30:08 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 16:30:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 16:30:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 16:30:07 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 16:30:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 16:30:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [1999.03.11 19:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files (x86)\Common Files\IRAABOUT.DLL [1998.12.09 04:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAREG.DLL [1998.12.09 04:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAMDMTR.DLL [1998.12.09 04:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRALPTTR.DLL [1998.12.09 04:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAWEBTR.DLL [1998.12.09 04:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files (x86)\Common Files\IRASRIAL.DLL ========== Files - Modified Within 30 Days ========== [2013.05.09 12:23:26 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 12:23:26 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 12:16:51 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.09 12:16:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.09 12:16:09 | 2099,646,463 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 12:11:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.09 10:00:47 | 000,628,743 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\adwcleaner.exe [2013.05.09 10:00:14 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Schoeffi1\Desktop\JRT.exe [2013.05.07 18:02:13 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.04 09:23:45 | 001,529,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.04 09:23:45 | 000,665,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.04 09:23:45 | 000,627,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.04 09:23:45 | 000,133,552 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.04 09:23:45 | 000,109,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.01 10:11:52 | 000,001,203 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\Moorhuhn Kart 2 - XL.lnk [2013.05.01 09:19:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.01 09:12:33 | 005,061,928 | R--- | M] (Swearware) -- C:\Users\Schoeffi1\Desktop\ComboFix.exe [2013.04.30 19:26:21 | 000,000,512 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\MBR.dat [2013.04.30 18:45:18 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schoeffi1\Desktop\tdsskiller.exe [2013.04.30 18:39:55 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Schoeffi1\Desktop\aswMBR.exe [2013.04.24 20:19:11 | 000,203,808 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\gmerFehlermeldung.jpg [2013.04.24 20:13:39 | 012,769,590 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\gmerFehlermeldung.rtf [2013.04.24 20:12:32 | 010,855,897 | ---- | M] () -- C:\Users\Schoeffi1\Documents\gmerFehlermeldung.rtf [2013.04.24 19:56:01 | 000,377,856 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\gmer_2.1.19163.exe [2013.04.24 19:37:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schoeffi1\Desktop\OTL.exe [2013.04.24 19:30:05 | 000,050,477 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\Defogger.exe [2013.04.23 20:07:22 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.23 18:17:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.21 16:14:48 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.04.21 16:08:21 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.21 16:08:21 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.21 16:08:21 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.21 16:08:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.21 16:08:21 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.21 16:08:20 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.21 16:08:20 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.21 16:08:20 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.21 16:08:20 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.21 16:08:20 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.21 16:08:20 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.21 16:08:20 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.21 16:08:20 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.21 16:08:20 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.21 16:08:20 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.21 16:08:20 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.21 16:08:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.21 16:08:20 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.21 16:08:20 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.21 16:08:20 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.21 16:08:20 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.21 16:08:20 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.21 16:08:20 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.21 16:08:20 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.21 16:08:20 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.21 16:08:20 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.21 16:08:20 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.21 16:08:20 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.21 16:08:20 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.21 16:08:20 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.21 16:08:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.21 16:08:20 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.21 16:08:20 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.21 16:08:20 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.21 16:08:20 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.21 16:08:20 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.21 16:08:20 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.21 16:08:20 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.21 16:08:20 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.21 16:08:20 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.21 16:08:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.21 16:08:20 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.21 16:08:20 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.21 16:08:20 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.21 16:08:20 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.21 16:08:20 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.21 16:08:20 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.21 16:08:20 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.21 16:08:20 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.21 16:08:20 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.21 16:08:20 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.21 16:08:20 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.21 16:08:20 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.21 16:08:20 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.21 16:08:20 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.21 16:08:20 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.21 16:08:20 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.21 16:08:20 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.21 16:08:20 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.21 16:08:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.21 16:08:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.21 16:08:20 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.21 16:08:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.21 16:08:20 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.21 16:08:20 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.21 16:08:20 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.21 16:08:20 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.21 16:08:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.21 16:08:20 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.21 16:08:20 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.21 14:55:18 | 000,001,148 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\Windows Update Troubleshooting Info.lnk [2013.04.21 14:25:49 | 000,376,902 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\Joanne K_ Rowling – Wikipedia__Rowling.mht [2013.04.20 12:43:42 | 004,126,165 | ---- | M] () -- C:\Users\Schoeffi1\Desktop\bedienungsanleitung ps-4605 ,ps-5105.pdf [2013.04.10 18:43:55 | 000,303,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.05.09 10:00:46 | 000,628,743 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\adwcleaner.exe [2013.05.01 10:11:52 | 000,001,203 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\Moorhuhn Kart 2 - XL.lnk [2013.05.01 09:15:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.01 09:15:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.01 09:15:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.01 09:15:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.01 09:15:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.30 19:26:21 | 000,000,512 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\MBR.dat [2013.04.24 20:19:11 | 000,203,808 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\gmerFehlermeldung.jpg [2013.04.24 20:13:38 | 012,769,590 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\gmerFehlermeldung.rtf [2013.04.24 20:12:32 | 010,855,897 | ---- | C] () -- C:\Users\Schoeffi1\Documents\gmerFehlermeldung.rtf [2013.04.24 19:56:00 | 000,377,856 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\gmer_2.1.19163.exe [2013.04.24 19:30:05 | 000,050,477 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\Defogger.exe [2013.04.23 20:07:22 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.23 20:06:54 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.23 20:06:53 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.21 16:08:20 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.21 16:08:20 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.21 14:55:18 | 000,001,148 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\Windows Update Troubleshooting Info.lnk [2013.04.21 14:25:48 | 000,376,902 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\Joanne K_ Rowling – Wikipedia__Rowling.mht [2013.04.20 12:43:42 | 004,126,165 | ---- | C] () -- C:\Users\Schoeffi1\Desktop\bedienungsanleitung ps-4605 ,ps-5105.pdf [2013.04.07 15:56:10 | 000,000,370 | ---- | C] () -- C:\Users\Schoeffi1\defogger_reenable [2013.02.17 23:59:32 | 000,217,196 | ---- | C] () -- C:\Users\Schoeffi1\ESt 2011.elfo [2012.11.25 09:33:52 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.11.25 09:33:51 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini [2012.11.25 09:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI [2012.11.18 19:14:32 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\magicpvt.dat [2012.11.18 12:07:01 | 000,000,304 | ---- | C] () -- C:\Users\Schoeffi1\AppData\Local\config.ini [2012.11.17 19:00:33 | 000,000,178 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2012.11.17 18:38:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.27 03:11:59 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.06.27 02:42:24 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012.06.27 02:42:02 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.06.27 02:42:02 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.06.27 02:42:02 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.06.27 02:35:18 | 000,011,307 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.06.27 02:35:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.06.27 02:35:11 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.06.27 02:35:11 | 000,006,798 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.06.27 01:25:42 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.06.27 01:23:39 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.06.27 01:23:37 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.06.27 01:23:34 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.06.27 01:23:33 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.05.2013 12:25:50 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Schoeffi1\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,15% Memory free
15,88 Gb Paging File | 13,99 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,60 Gb Total Space | 297,79 Gb Free Space | 79,92% Space Free | Partition Type: NTFS
Drive D: | 167,68 Gb Total Space | 76,61 Gb Free Space | 45,69% Space Free | Partition Type: NTFS
Drive E: | 163,76 Gb Total Space | 98,00 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
Drive F: | 3,90 Gb Total Space | 0,83 Gb Free Space | 21,26% Space Free | Partition Type: FAT32
Drive G: | 545,81 Gb Total Space | 545,75 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Computer Name: SCHOEFFI1-PC | User Name: Schoeffi1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2079945266-1089852156-238628154-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE2B4E-7B77-47B8-B262-CE759DDDAFA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{03875303-4440-4F98-8431-32B88C9414A9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CCFD0E6-54BA-4552-AD61-C0E22FE23BA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15A9B963-8288-4791-934C-D78DD02418A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{1715FE72-AB3D-4157-9842-4157B38CC7DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22287F1C-B294-4735-9736-FD7471699230}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2348F1F5-BB1B-4765-96DE-B1DEFB7F8296}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3024AE8D-F1C3-491D-B340-624BFC5044FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47CBF0E5-7872-415E-BFF7-88FBF8FDEA43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{593243B9-19C2-43FD-A53D-4D0BBD39E9F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7809FD45-6D77-4E96-A8A1-CE1CD89D8F2D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DC7E395-AF59-4891-B83A-76BF69FD6BE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{857F2C78-5B22-45DB-B8F8-B65C5583B1AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93860785-8FE7-4150-A6FB-3E4352A4946A}" = rport=137 | protocol=17 | dir=out | app=system |
"{93898A11-2E57-46DF-A8F3-1B9DE8254CD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD5428C0-0594-4E2B-B728-7EC44281D66C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AEE8F577-E1ED-46B0-ABF1-396E94EF928A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C25BA496-5B3C-425D-82AF-6B3F28C245C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{C33ACBAF-0C4E-4946-A4E9-75D07B8B0D22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D2980F97-E0DA-4BA5-97D3-50CB5188E392}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D68D86BA-3F16-40CD-BB4D-8E210E400F50}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DDB6E6EA-8499-4F7A-B02A-DE0C52582B2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB9EAEE6-C6E1-4CC6-9F0E-1207CF7F271F}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0044C885-43E0-45ED-B358-FEC9F9889BD9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{07824931-20A7-41DF-844B-6DAC95C31A30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1905A97D-683C-4B00-8023-81465F95A8B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26FC912C-8E21-44F1-A322-5FB362C72CA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D67BD31-A8DD-472F-B427-348BD10B2F1C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F71CE8F-5E30-4C74-B254-B921A6CFFC8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B6D42E4-3D85-4C85-BB6F-C779B9A600BB}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{4F31C36A-5FB6-41C7-AD29-656753DCA235}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A3BAC13-D784-4484-AF37-82EDBE788FE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{683773B3-4C01-44BD-824D-D2F65050C928}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68A3AD56-EB4A-4FD1-A938-189426B4A040}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72DC9B97-5BC1-4EEE-8ECA-1871AF82ED8D}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{7449B878-292F-497F-A26B-2F09938FF2DB}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{7512EE34-04CC-40A6-9A6D-F1DEE1A0280E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A6CDA61-B150-4DFF-94E5-006602663739}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BC7491F-2458-4D4F-9475-B2508C79B012}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8C706640-8F45-4FA6-9738-5BCE96AE3C4E}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{8E033CAA-23A4-47B2-A400-1B055E1B7805}" = protocol=6 | dir=out | app=system |
"{904A2E3A-CA27-4203-AF8D-606DE443F62F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1E02E71-BE66-4E51-8DBB-31D6677BEA0C}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{A86BCB31-22E8-449D-AEAB-92C2D3F827A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B308B9CB-9A24-4070-B116-56E8EF78711E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C63CEEE7-A06B-406F-8DF8-3E1A057EE945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9D70DFA-8BC1-41A5-B5E6-F0CA5DF56DC3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0F53710-E5D8-46D6-9C53-20AEDBFF9120}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DE580C01-E9C5-479C-A9FC-FEA420DAB05E}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{E0BC78C7-9B47-4237-883A-58C31F46E08E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E6AC39F1-EA0F-44AB-B449-F14F4CF4461C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E87CEFFC-F576-4A70-939A-7BB8F691E2AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F493AD16-CE94-4945-8B1E-92E41758AFBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEA17904-AE87-4389-8554-CD19758E69A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{35CA4FA1-7591-4450-B244-B411F5F1FA95}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"UDP Query User{475B8D74-785F-4C76-957C-A784F7600205}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series" = Canon MX710 series MP Drivers
"{1364C748-A240-F0F3-490E-10C02357523E}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{363836F9-D52D-8976-EC20-8C6965A4D045}" = ATI Catalyst Install Manager
"{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}" = Intel(R) Network Connections 17.1.55.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8CC8B777-6F36-4EAE-AAD4-AB76DF9EF8A0}" = Infineon TPM Professional Package
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{968720F5-3D81-7A28-C902-0876A57B1523}" = ATI AVIVO64 Codecs
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSetDX" = Intel(R) Network Connections 17.1.55.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0C702979-FB0E-9D78-DE61-6D90E384E55F}" = CCC Help Polish
"{10F87409-10AD-8CEE-F879-EA7D57615607}" = CCC Help Turkish
"{1DF43EAC-B83D-BECB-F29B-76A7A353EC0C}" = CCC Help Norwegian
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3477DE8A-967D-507E-6520-FD540F49C116}" = CCC Help English
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{36AA02C7-2E56-9A70-0B1D-380E5954292C}" = CCC Help Czech
"{395F632D-7874-48B2-CE13-AAFE059B18B8}" = CCC Help Japanese
"{3C589A28-0DE4-5866-B9F1-C8E1BD6C3171}" = CCC Help Dutch
"{3C646034-7392-2259-3EAF-E93AD1409DF8}" = CCC Help Danish
"{4019B8AB-DAFE-4CD0-E1E5-5ACD6E8E324F}" = CCC Help Hungarian
"{509B0A6E-BFAA-DF35-9A64-1EC29857E513}" = CCC Help Swedish
"{525072DA-059C-A596-ABBC-5D6877EBD5B5}" = Catalyst Control Center Localization All
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5834909F-948F-4D5A-A355-7C9AAA7C41FE}" = Catalyst Control Center - Branding
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6768754B-9A1B-3991-2A8C-B17991AA659D}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7387E87C-7DCD-49F9-B240-0C01C0EFDE65}" = MagicRotation
"{75AEE162-2DAF-C1F2-E1D8-A8F4ED04DA1A}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D09972F-4B4D-8A48-7C39-C16BDC4551ED}" = CCC Help French
"{823DEA95-A69C-44BD-BF8B-297615213EBD}" = MagicRotation
"{8545F9B8-12CD-01A2-4739-F4D0012C80FD}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92429C8B-86E2-176F-FB06-8F3A3C847DD3}" = CCC Help German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989B6566-DC9B-D79D-7C7A-688727165852}" = CCC Help Finnish
"{9BACB89D-98DA-E204-F904-6776079F1382}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8D5B39E-815D-44BC-AC52-657FE3D2E21D}" = SUNIX Multi-IO Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AD14632A-5D6A-46E5-A259-9446D8EC8D5F}" = StarMoney 8.0 S-Edition
"{BA3BE09C-22AD-4440-306F-6B5A7D7B5207}" = CCC Help Korean
"{BC9DBD2A-4E6A-BFCD-8476-58747501EA7A}" = CCC Help Chinese Standard
"{BEF1CD9C-F502-BC2C-9561-7E14DA937AD5}" = CCC Help Portuguese
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF474BB3-BD31-8C60-6938-6F5597A254EC}" = Catalyst Control Center
"{D49DBA4B-8ED1-E679-D000-BE301724FE6E}" = CCC Help Chinese Traditional
"{DC0BE1EC-8CD8-267E-0FC5-82605ED0045F}" = CCC Help Spanish
"{E2869847-AED4-4482-BBE8-950AFEAB6223}_is1" = Shredder Classic 4 ct
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{EB9C342B-A71C-F09C-0066-9AA565724980}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX710 series Benutzerregistrierung" = Canon MX710 series Benutzerregistrierung
"Canon MX710 series On-screen Manual" = Canon MX710 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Moorhuhn Kart 2 - XL" = Moorhuhn Kart 2 - XL
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"Speed Dial Utility" = Canon Kurzwahlprogramm
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.05.2013 06:10:39 | Computer Name = Schoeffi1-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.05.2013 06:14:58 | Computer Name = Schoeffi1-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.05.2013 06:17:56 | Computer Name = Schoeffi1-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 09.05.2013 06:08:54 | Computer Name = Schoeffi1-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?05.?2013 um 11:53:02 unerwartet heruntergefahren.
Error - 09.05.2013 06:09:12 | Computer Name = Schoeffi1-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
magicpvt
Error - 09.05.2013 06:12:21 | Computer Name = Schoeffi1-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 06:13:03 | Computer Name = Schoeffi1-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\magicpvt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 09.05.2013 06:13:04 | Computer Name = Schoeffi1-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\magicpvt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 09.05.2013 06:13:34 | Computer Name = Schoeffi1-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
magicpvt
Error - 09.05.2013 06:15:22 | Computer Name = Schoeffi1-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 06:16:01 | Computer Name = Schoeffi1-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\magicpvt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 09.05.2013 06:16:02 | Computer Name = Schoeffi1-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\magicpvt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 09.05.2013 06:16:19 | Computer Name = Schoeffi1-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
magicpvt
< End of report >
|
|
09.05.2013, 18:14
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.05.2013, 22:29
| #13 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Nabend Cosinus, erstmal vielen Dank das du dich trotz meiner langen Abwesenheit so schnell wieder meiner angenommen hast. Die beiden scans haben ewig gedauert, sind aber ohne probleme durchgelaufen malware log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.09.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Schoeffi1 :: SCHOEFFI1-PC [Administrator] 09.05.2013 19:51:14 mbam-log-2013-05-09 (19-51-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 537502 Laufzeit: 1 Stunde(n), 17 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9fd6150c8f739644b26c1fa9c3844736
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-09 08:41:54
# local_time=2013-05-09 10:41:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 26651 233555404 19440 0
# compatibility_mode=5893 16776574 100 94 14445896 119761964 0 0
# scanned=312456
# found=0
# cleaned=0
# scan_time=5072
Gruß Schoeffi |
|
09.05.2013, 22:49
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | keine Bilder IE9 wiederholte Vierenmeldungen Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.05.2013, 23:32
| #15 |
| | keine Bilder IE9 wiederholte Vierenmeldungen Morgen cosinus, naja es scheint alles soweit in ordnung zu sein, aber....... Bilder im internetexplorer werden nach wie vor nicht angezeigt aber das scheint mir jetzt eher ein einstellungsproblem zu sein (weil chrome funzt einwandfrei). Wenn aus deiner sicht die kiste sauber ist dann gibts hier keinen weiteren handlungsbedarf ausser ne spende wenn ich das richtig sehe. Ich hoffe du stimmst mir zu und mein dank wird dir ewig nachschleichen gruß Schoeffi |
|
| Themen zu keine Bilder IE9 wiederholte Vierenmeldungen |
| adware.gamespyarcade, adware.vomba, adware/agent.npo.142, adware/yontoo.gen, anhang, explorer, fehlermeldung, interne, internetexplorer, malware.packer.genx, meldungen, nicht mehr, programme, pup.software.updater, rechner, richtig, risktool.killfiles, spezialisten, updates, virenscan, virus, woche |
Linear-Darstellung
