| |
| |||||||
Log-Analyse und Auswertung: Trojaner incredibar mystartWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
23.05.2013, 18:39
| #1 |
| |  Trojaner incredibar mystart Hallo, ich habe seit ein paar Monaten incredibar, bzw. mystart auf meinem Laptop. Ich kann jetzt nicht sagen, was ich mir runtergeladen hab als ich mir dies zuzog. Gestern habe ich ein kostenloses stop-motion Programm "AnimatorHD" runtergeladen und Avira reagierte kurz darauf mit Funden, welche ich von der Quarantäne aus gelöscht habe. Zudem machte web.de mich noch darauf aufmerksam, dass ich Spyware auf meinem Computer habe. Daraufhin ließ ich den CCleaner und anschließend Spybot laufen. Spybot informierte mich daraufhin über 22 Einträge von incredibar Hijackers. Von diesen ließen sich 8 Einträge löschen, bei den restlichen, erklärte Spybot, mir würden die nötigen Admin rechte fehlen. Ich informierte mich über incredibar und erst zu diesem Zeitpunkt wurde mir klar, dass es sich um einen Trojaner handelt UND das er schon monatelang in meinem System ist. Ich löschte daraufhin den AnimatorHD. Folgte einer YouTube-Anleitung wie ich incredibar entferne (was allerdings nicht funktionierte, da ich bereits das ad-ons nicht löschen konnte &die 16 verbliebenen Dateien auf meinem Computer auch nicht) Gelöscht habe ich weiterhin mozilla Firefox und incredibar --> soweit möglich Ich habe die Schritte in der Anleitung nach bestem Wissen befolgt ( --> den defogger disabled, OTL -Quick-Scan und den Gmer -Scan angehängt) und hoffe sehr, dass mir Jemand helfen kann. Noch ein Hinweis: Im beim OTL -Scan stand Dateien von den letzten 30 Tagen, ich habe mich definitiv früher mit incredibar infiziert. Freundliche Grüße Denise Geändert von DeniseAlice (23.05.2013 um 19:38 Uhr) |
|
23.05.2013, 22:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner incredibar mystart Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
24.05.2013, 13:58
| #3 |
| | Trojaner incredibar mystart Hallo Cosinus,
__________________vielen Dank, dass du dir Zeit nimmst! Ich hatte die Log-Dateien im Zip-Format geschickt, weil es in der Anleitung so beschrieben war. Die Code-Tags sind jetzt beigefügt, neben OTL & Gmer habe ich die Ergebnisse von Avira und von Spybot beigefügt. Mehr scans habe ich nicht gemacht außer CCleaner, aber ich glaube das zählt nicht?!? OTL: Code:
ATTFilter OTL logfile created on: 23.05.2013 17:53:46 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,07% Memory free 7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 36,63 Gb Free Space | 49,15% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 75,93 Gb Free Space | 37,21% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\jmdp\stij.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\IB Updater\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\jmdp\stij.exe () MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll () MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll () MOD - C:\Program Files (x86)\program\libxml2.dll () MOD - C:\Program Files (x86)\program\libxslt.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (IB Updater) -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcg_device) -- C:\Windows\SysWOW64\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 20:16:19 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013.03.01 20:16:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.03.01 20:16:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013.03.01 20:16:19 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll () O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A65E77-2F7A-4D4B-973F-C4AD35E548A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 21:33:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.22 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.05.19 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\drucken [2013.05.07 15:12:17 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 21:24:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 17:49:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.23 17:45:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.23 17:43:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.23 17:26:42 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.23 17:26:42 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.23 17:26:42 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.23 17:26:42 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.23 17:26:42 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.23 17:02:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 17:02:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 16:54:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 16:53:59 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 21:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.22 21:00:26 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.17 14:12:53 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.05.16 07:16:22 | 000,293,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.07 15:12:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 15:45:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.30 15:45:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 17:45:35 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.23 17:43:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.22 15:15:12 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.17 14:12:53 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.04.30 16:46:07 | 000,001,427 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.30 15:45:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.30 15:45:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.12 13:59:21 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2013.01.12 13:59:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2013.01.12 13:59:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2013.01.12 13:59:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2013.01.12 13:59:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2013.01.12 13:59:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2013.01.12 13:59:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2013.01.12 13:59:20 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2013.01.12 13:59:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2013.01.12 13:59:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2013.01.12 13:59:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2013.01.12 13:59:20 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2013.01.12 13:59:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2013.01.12 13:59:20 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2013.01.12 13:59:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2013.01.12 13:59:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2013.01.12 13:59:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link [2012.01.29 16:41:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.29 22:47:20 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.02 01:35:29 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.12.13 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2010.12.13 15:00:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.29 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader [2010.11.18 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2012.02.06 11:55:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.11.18 16:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.01.17 20:22:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.11.18 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2010.10.29 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2010.10.29 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2010.10.28 21:34:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2010.11.14 16:09:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.01.05 13:18:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GrabPro ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 18:39:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005c WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Denise\AppData\Local\Temp\fwdirpod.sys
---- Modules - GMER 2.1 ----
Module \SystemRoot\system32\ntoskrnl.exe fffff80002e01000-fffff800033e7000 (6184960 bytes)
Module \SystemRoot\system32\hal.dll fffff800033e7000-fffff80003430000 (299008 bytes)
Module \SystemRoot\system32\kdcom.dll fffff80000bcc000-fffff80000bd6000 (40960 bytes)
Module \SystemRoot\system32\mcupdate_AuthenticAMD.dll fffff88000c2d000-fffff88000c3a000 (53248 bytes)
Module \SystemRoot\system32\PSHED.dll fffff88000c3a000-fffff88000c4e000 (81920 bytes)
Module \SystemRoot\system32\CLFS.SYS fffff88000c4e000-fffff88000cac000 (385024 bytes)
Module \SystemRoot\system32\CI.dll fffff88000cac000-fffff88000d6c000 (786432 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys fffff88000e7b000-fffff88000f1f000 (671744 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS fffff88000f1f000-fffff88000f2e000 (61440 bytes)
Module \SystemRoot\system32\drivers\ACPI.sys fffff88000f2e000-fffff88000f85000 (356352 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS fffff88000f85000-fffff88000f8e000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys fffff88000f8e000-fffff88000f98000 (40960 bytes)
Module \SystemRoot\system32\drivers\pci.sys fffff88000f98000-fffff88000fcb000 (208896 bytes)
Module \SystemRoot\system32\drivers\vdrvroot.sys fffff88000fcb000-fffff88000fd8000 (53248 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys fffff88000fd8000-fffff88000fed000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\compbatt.sys fffff88000fed000-fffff88000ff6000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\BATTC.SYS fffff88000e00000-fffff88000e0c000 (49152 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys fffff88000e0c000-fffff88000e21000 (86016 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys fffff88000d6c000-fffff88000dc8000 (376832 bytes)
Module \SystemRoot\system32\drivers\pciide.sys fffff88000e21000-fffff88000e28000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS fffff88000e28000-fffff88000e38000 (65536 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys fffff88000e38000-fffff88000e52000 (106496 bytes)
Module \SystemRoot\system32\drivers\atapi.sys fffff88000e52000-fffff88000e5b000 (36864 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS fffff88000dc8000-fffff88000df2000 (172032 bytes)
Module \SystemRoot\system32\drivers\msahci.sys fffff88000e5b000-fffff88000e66000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\amdsata.sys fffff88000e66000-fffff88000e7a000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\storport.sys fffff880010f6000-fffff88001159000 (405504 bytes)
Module \SystemRoot\system32\DRIVERS\amdxata.sys fffff88001159000-fffff88001164000 (45056 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys fffff88001164000-fffff880011b0000 (311296 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys fffff880011b0000-fffff880011c4000 (81920 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys fffff88001246000-fffff880013e8000 (1712128 bytes)
Module \SystemRoot\System32\Drivers\msrpc.sys fffff88001000000-fffff8800105e000 (385024 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys fffff88001200000-fffff8800121b000 (110592 bytes)
Module \SystemRoot\System32\Drivers\cng.sys fffff8800105e000-fffff880010d0000 (466944 bytes)
Module \SystemRoot\System32\drivers\pcw.sys fffff8800121b000-fffff8800122c000 (69632 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.sys fffff8800122c000-fffff88001236000 (40960 bytes)
Module \SystemRoot\system32\drivers\ndis.sys fffff88001486000-fffff88001579000 (995328 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS fffff88001579000-fffff880015d9000 (393216 bytes)
Module \SystemRoot\System32\Drivers\ksecpkg.sys fffff88001400000-fffff8800142a000 (172032 bytes)
Module \SystemRoot\System32\drivers\tcpip.sys fffff88001600000-fffff88001800000 (2097152 bytes)
Module \SystemRoot\System32\drivers\fwpkclnt.sys fffff8800142a000-fffff88001473000 (299008 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys fffff880018f4000-fffff88001940000 (311296 bytes)
Module \SystemRoot\System32\Drivers\spldr.sys fffff88001940000-fffff88001948000 (32768 bytes)
Module \SystemRoot\System32\drivers\rdyboost.sys fffff88001948000-fffff88001982000 (237568 bytes)
Module \SystemRoot\System32\Drivers\mup.sys fffff88001982000-fffff88001994000 (73728 bytes)
Module \SystemRoot\System32\drivers\hwpolicy.sys fffff88001994000-fffff8800199d000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\fvevol.sys fffff8800199d000-fffff880019d7000 (237568 bytes)
Module \SystemRoot\system32\DRIVERS\disk.sys fffff880019d7000-fffff880019ed000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\CLASSPNP.SYS fffff88001800000-fffff88001830000 (196608 bytes)
Module \SystemRoot\system32\DRIVERS\AtiPcie.sys fffff88001830000-fffff88001838000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys fffff88001877000-fffff880018a1000 (172032 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS fffff880018a1000-fffff880018aa000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS fffff880018aa000-fffff880018b1000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys fffff880018b1000-fffff880018bf000 (57344 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS fffff880018bf000-fffff880018e4000 (151552 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys fffff880018e4000-fffff880018f4000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys fffff880019ed000-fffff880019f6000 (36864 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys fffff880019f6000-fffff880019ff000 (36864 bytes)
Module \SystemRoot\system32\drivers\rdprefmp.sys fffff88001473000-fffff8800147c000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS fffff880015d9000-fffff880015e4000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS fffff880015e4000-fffff880015f5000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\tdx.sys fffff880010d0000-fffff880010f2000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS fffff88001236000-fffff88001243000 (53248 bytes)
Module \SystemRoot\system32\drivers\afd.sys fffff88003ac0000-fffff88003b49000 (561152 bytes)
Module \SystemRoot\System32\DRIVERS\netbt.sys fffff88003b49000-fffff88003b8e000 (282624 bytes)
Module \SystemRoot\system32\DRIVERS\wfplwf.sys fffff88003b8e000-fffff88003b97000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\pacer.sys fffff88003b97000-fffff88003bbd000 (155648 bytes)
Module \SystemRoot\system32\DRIVERS\vwififlt.sys fffff88003bbd000-fffff88003bd3000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys fffff88003bd3000-fffff88003be2000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys fffff88003be2000-fffff88003bfd000 (110592 bytes)
Module \SystemRoot\system32\drivers\termdd.sys fffff88003a00000-fffff88003a14000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys fffff88003a14000-fffff88003a65000 (331776 bytes)
Module \SystemRoot\system32\drivers\nsiproxy.sys fffff88003a65000-fffff88003a71000 (49152 bytes)
Module \SystemRoot\system32\drivers\mssmbios.sys fffff88003a71000-fffff88003a7c000 (45056 bytes)
Module \SystemRoot\System32\drivers\discache.sys fffff88003a7c000-fffff88003a8b000 (61440 bytes)
Module \SystemRoot\System32\Drivers\dfsc.sys fffff88003a8b000-fffff88003aa9000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\blbdrive.sys fffff88003aa9000-fffff88003aba000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\avkmgr.sys fffff880015f5000-fffff880015ff000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys fffff880011c4000-fffff880011e8000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\tunnel.sys fffff88000c00000-fffff88000c26000 (155648 bytes)
Module \SystemRoot\system32\DRIVERS\atikmpag.sys fffff88002cd9000-fffff88002d0f000 (221184 bytes)
Module \SystemRoot\system32\DRIVERS\atikmdag.sys fffff8800486b000-fffff88004f15000 (6987776 bytes)
Module \SystemRoot\System32\drivers\dxgkrnl.sys fffff88004069000-fffff8800415d000 (999424 bytes)
Module \SystemRoot\System32\drivers\dxgmms1.sys fffff8800415d000-fffff880041a3000 (286720 bytes)
Module \SystemRoot\system32\drivers\HDAudBus.sys fffff880041a3000-fffff880041c7000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\athrx.sys fffff88004214000-fffff8800439d000 (1609728 bytes)
Module \SystemRoot\system32\DRIVERS\vwifibus.sys fffff8800439d000-fffff880043aa000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\jmcr.sys fffff880043aa000-fffff880043d1000 (159744 bytes)
Module \SystemRoot\system32\DRIVERS\SCSIPORT.SYS fffff880043d1000-fffff88004400000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\JME.sys fffff880041c7000-fffff880041e6000 (126976 bytes)
Module \SystemRoot\system32\drivers\usbohci.sys fffff88004200000-fffff8800420b000 (45056 bytes)
Module \SystemRoot\system32\drivers\USBPORT.SYS fffff88004000000-fffff88004056000 (352256 bytes)
Module \SystemRoot\system32\DRIVERS\usbfilter.sys fffff88004056000-fffff88004063000 (53248 bytes)
Module \SystemRoot\system32\drivers\usbehci.sys fffff880041e6000-fffff880041f7000 (69632 bytes)
Module \SystemRoot\system32\drivers\i8042prt.sys fffff88004f15000-fffff88004f33000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\ETD.sys fffff88004f33000-fffff88004f58000 (151552 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys fffff88004f58000-fffff88004f67000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\kbfiltr.sys fffff8800420b000-fffff88004213000 (32768 bytes)
Module \SystemRoot\system32\drivers\kbdclass.sys fffff88004f67000-fffff88004f76000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\CmBatt.sys fffff880041f7000-fffff880041fc000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\amdppm.sys fffff88004f76000-fffff88004f8b000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\ATK64AMD.sys fffff88004f8b000-fffff88004f93000 (32768 bytes)
Module \SystemRoot\system32\drivers\CompositeBus.sys fffff88004f93000-fffff88004fa3000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\AgileVpn.sys fffff88004fa3000-fffff88004fb9000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys fffff88004fb9000-fffff88004fdd000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys fffff88004fdd000-fffff88004fe9000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys fffff88004800000-fffff8800482f000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys fffff8800482f000-fffff8800484a000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys fffff8800484a000-fffff8800486b000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\rassstp.sys fffff88002d0f000-fffff88002d29000 (106496 bytes)
Module \SystemRoot\system32\drivers\swenum.sys fffff880041fc000-fffff880041fe000 (8192 bytes)
Module \SystemRoot\system32\drivers\ks.sys fffff88002d29000-fffff88002d6c000 (274432 bytes)
Module \SystemRoot\system32\drivers\umbus.sys fffff88004fe9000-fffff88004ffb000 (73728 bytes)
Module \SystemRoot\system32\drivers\usbhub.sys fffff88002d6c000-fffff88002dc6000 (368640 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS fffff88002dc6000-fffff88002ddb000 (86016 bytes)
Module \SystemRoot\system32\drivers\AtiHdmi.sys fffff88002ddb000-fffff88002dfc000 (135168 bytes)
Module \SystemRoot\system32\drivers\portcls.sys fffff88002c00000-fffff88002c3d000 (249856 bytes)
Module \SystemRoot\system32\drivers\drmk.sys fffff88002c3d000-fffff88002c5f000 (139264 bytes)
Module \SystemRoot\system32\drivers\ksthunk.sys fffff88004063000-fffff88004069000 (24576 bytes)
Module \SystemRoot\system32\drivers\RTKVHD64.sys fffff88005a51000-fffff88005c8d000 (2342912 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys fffff88005c8d000-fffff88005c9b000 (57344 bytes)
Module \SystemRoot\System32\Drivers\dump_diskdump.sys fffff88005c9b000-fffff88005ca5000 (40960 bytes)
Module \SystemRoot\System32\Drivers\dump_amdsata.sys fffff88005ca5000-fffff88005cb9000 (81920 bytes)
Module \SystemRoot\System32\Drivers\dump_dumpfve.sys fffff88005cb9000-fffff88005ccc000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys fffff88005ccc000-fffff88005cda000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS fffff88005cda000-fffff88005cf3000 (102400 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS fffff88005cf3000-fffff88005cfc000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS fffff88005cfc000-fffff88005cfe000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys fffff96000000000-fffff96000317000 (3239936 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys fffff88005cfe000-fffff88005d0a000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys fffff88005d0a000-fffff88005d17000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys fffff88005d17000-fffff88005d34000 (118784 bytes)
Module \SystemRoot\system32\DRIVERS\snp2uvc.sys fffff88005e31000-fffff88005fe9000 (1802240 bytes)
Module \SystemRoot\system32\DRIVERS\STREAM.SYS fffff88005fe9000-fffff88005ffa000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\sncduvc.SYS fffff88005e00000-fffff88005e09000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\monitor.sys fffff88005e09000-fffff88005e17000 (57344 bytes)
Module \SystemRoot\System32\TSDDD.dll fffff96000430000-fffff9600043a000 (40960 bytes)
Module \SystemRoot\System32\cdd.dll fffff96000690000-fffff960006b7000 (159744 bytes)
Module \SystemRoot\system32\drivers\luafv.sys fffff88005d34000-fffff88005d57000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys fffff88005d57000-fffff88005d77000 (131072 bytes)
Module \SystemRoot\system32\drivers\WudfPf.sys fffff88005d77000-fffff88005d98000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\lltdio.sys fffff88005e17000-fffff88005e2c000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\nwifi.sys fffff88005d98000-fffff88005deb000 (339968 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys fffff88005deb000-fffff88005dfe000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\rspndr.sys fffff88005a00000-fffff88005a18000 (98304 bytes)
Module \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys fffff88005a18000-fffff88005a20000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\vwifimp.sys fffff88005a20000-fffff88005a2a000 (40960 bytes)
Module \SystemRoot\system32\drivers\HTTP.sys fffff880038f7000-fffff880039c0000 (823296 bytes)
Module \SystemRoot\system32\DRIVERS\bowser.sys fffff880039c0000-fffff880039de000 (122880 bytes)
Module \SystemRoot\System32\drivers\mpsdrv.sys fffff880039de000-fffff880039f6000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys fffff88003800000-fffff8800382d000 (184320 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb10.sys fffff8800382d000-fffff8800387b000 (319488 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb20.sys fffff8800387b000-fffff8800389f000 (147456 bytes)
Module \SystemRoot\system32\drivers\peauth.sys fffff88007c01000-fffff88007ca7000 (679936 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS fffff88007ca7000-fffff88007cb2000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\srvnet.sys fffff88007cb2000-fffff88007ce3000 (200704 bytes)
Module \SystemRoot\System32\drivers\tcpipreg.sys fffff88007ce3000-fffff88007cf5000 (73728 bytes)
Module \SystemRoot\System32\DRIVERS\srv2.sys fffff88007cf5000-fffff88007d5e000 (430080 bytes)
Module \SystemRoot\System32\DRIVERS\srv.sys fffff88007d5e000-fffff88007df6000 (622592 bytes)
Module \SystemRoot\System32\Drivers\fastfat.SYS fffff8800389f000-fffff880038d5000 (221184 bytes)
Module \??\C:\Users\Denise\AppData\Local\Temp\fwdirpod.sys (GMER) fffff880038d5000-fffff880038e5000 (65536 bytes)
Module \Windows\System32\ntdll.dll 00000000775d0000-0000000077779000 (1740800 bytes)
Module \Windows\System32\smss.exe 00000000483b0000-00000000483d0000 (131072 bytes)
Module \Windows\System32\apisetschema.dll 000007feff8f0000-000007feff940000 (327680 bytes)
Module \Windows\System32\autochk.exe 00000000ffdc0000-00000000ffe81000 (790528 bytes)
Module \Windows\System32\urlmon.dll 000007feff780000-000007feff8d9000 (1413120 bytes)
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [856:4052] 0000000076c67587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [856:5068] 000000006b7c0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [856:2624] 0000000077802e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [856:4588] 0000000077803e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [856:3268] 0000000077803e45
---- Services - GMER 2.1 ----
Service C:\Windows\system32\netfxperf.dll .NET CLR Data
Service C:\Windows\system32\netfxperf.dll .NET CLR Networking
Service C:\Windows\system32\netfxperf.dll .NET CLR Networking 4.0.0.0
Service C:\Windows\system32\netfxperf.dll .NET Data Provider for Oracle
Service C:\Windows\system32\netfxperf.dll .NET Data Provider for SqlServer
Service C:\Windows\system32\mscoree.dll .NETFramework
Service C:\Windows\system32\drivers\1394ohci.sys [MANUAL] 1394ohci
Service C:\Windows\system32\drivers\ACPI.sys [BOOT] ACPI
Service C:\Windows\system32\drivers\acpipmi.sys [MANUAL] AcpiPmi
Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\Windows\system32\DRIVERS\adp94xx.sys [MANUAL] adp94xx
Service C:\Windows\system32\DRIVERS\adpahci.sys [MANUAL] adpahci
Service C:\Windows\system32\DRIVERS\adpu320.sys [MANUAL] adpu320
Service adsi
Service C:\Windows\System32\aelupsvc.dll [MANUAL] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys [MANUAL] agp440
Service C:\Windows\System32\alg.exe [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys [MANUAL] aliide
Service C:\Windows\system32\atiesrxx.exe [AUTO] AMD External Events Utility
Service C:\Windows\system32\drivers\amdide.sys [MANUAL] amdide
Service C:\Windows\system32\DRIVERS\amdk8.sys [MANUAL] AmdK8
Service C:\Windows\system32\DRIVERS\atikmdag.sys [MANUAL] amdkmdag
Service C:\Windows\system32\DRIVERS\atikmpag.sys [MANUAL] amdkmdap
Service C:\Windows\system32\DRIVERS\amdppm.sys [MANUAL] AmdPPM
Service C:\Windows\system32\DRIVERS\amdsata.sys [BOOT] amdsata
Service C:\Windows\system32\DRIVERS\amdsbs.sys [MANUAL] amdsbs
Service C:\Windows\system32\DRIVERS\amdxata.sys [BOOT] amdxata
Service C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [AUTO] AntiVirSchedulerService
Service C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [AUTO] AntiVirService
Service C:\Windows\system32\drivers\appid.sys [MANUAL] AppID
Service C:\Windows\System32\appidsvc.dll [MANUAL] AppIDSvc
Service C:\Windows\System32\appinfo.dll [MANUAL] Appinfo
Service C:\Windows\system32\DRIVERS\arc.sys [MANUAL] arc
Service C:\Windows\system32\DRIVERS\arcsas.sys [MANUAL] arcsas
Service C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [AUTO] ASLDRService
Service C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [AUTO] ASMMAP64
Service C:\Windows\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys [BOOT] atapi
Service C:\Windows\system32\DRIVERS\athrx.sys [MANUAL] athr
Service Atierecord
Service C:\Windows\system32\drivers\AtiHdmi.sys [MANUAL] AtiHdmiService
Service C:\Windows\system32\DRIVERS\AtiPcie.sys [BOOT] AtiPcie
Service C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [AUTO] ATKGFNEXSrv
Service C:\Windows\System32\Audiosrv.dll [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\Audiosrv.dll [AUTO] AudioSrv
Service C:\Windows\system32\DRIVERS\avgntflt.sys [AUTO] avgntflt
Service C:\Windows\system32\DRIVERS\avipbb.sys [SYSTEM] avipbb
Service C:\Windows\system32\DRIVERS\avkmgr.sys [SYSTEM] avkmgr
Service C:\Windows\System32\AxInstSV.dll [MANUAL] AxInstSV
Service C:\Windows\system32\DRIVERS\bxvbda.sys [MANUAL] b06bdrv
Service C:\Windows\system32\DRIVERS\b57nd60a.sys [MANUAL] b57nd60a
Service C:\Windows\system32\drivers\BattC.sys BattC
Service C:\Windows\System32\bdesvc.dll [MANUAL] BDESVC
Service C:\Windows\system32\drivers\Beep.sys [SYSTEM] Beep
Service C:\Windows\System32\bfe.dll [AUTO] BFE
Service C:\Windows\System32\qmgr.dll [MANUAL] BITS
Service C:\Windows\system32\DRIVERS\blbdrive.sys [SYSTEM] blbdrive
Service C:\Windows\system32\DRIVERS\bowser.sys [MANUAL] bowser
Service C:\Windows\system32\DRIVERS\BrFiltLo.sys [MANUAL] BrFiltLo
Service C:\Windows\system32\DRIVERS\BrFiltUp.sys [MANUAL] BrFiltUp
Service C:\Windows\System32\browser.dll [MANUAL] Browser
Service C:\Windows\System32\Drivers\Brserid.sys [MANUAL] Brserid
Service C:\Windows\System32\Drivers\BrSerWdm.sys [MANUAL] BrSerWdm
Service C:\Windows\System32\Drivers\BrUsbMdm.sys [MANUAL] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys [MANUAL] BrUsbSer
Service C:\Windows\system32\DRIVERS\bthmodem.sys [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\bthserv.dll [MANUAL] bthserv
Service C:\Windows\system32\DRIVERS\cdfs.sys [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys [SYSTEM] cdrom
Service C:\Windows\System32\certprop.dll [MANUAL] CertPropSvc
Service C:\Windows\system32\DRIVERS\circlass.sys [MANUAL] circlass
Service C:\Windows\System32\CLFS.sys [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [DISABLED] clr_optimization_v2.0.50727_64
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [AUTO] clr_optimization_v4.0.30319_64
Service C:\Windows\system32\DRIVERS\CmBatt.sys [MANUAL] CmBatt
Service C:\Windows\system32\drivers\cmdide.sys [MANUAL] cmdide
Service C:\Windows\System32\Drivers\cng.sys [BOOT] CNG
Service C:\Windows\system32\DRIVERS\compbatt.sys [BOOT] Compbatt
Service C:\Windows\system32\drivers\CompositeBus.sys [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe [MANUAL] COMSysApp
Service C:\Windows\system32\DRIVERS\crcdisk.sys [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\cryptsvc.dll [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\rpcss.dll [AUTO] DcomLaunch
Service C:\Windows\System32\defragsvc.dll [MANUAL] defragsvc
Service C:\Windows\System32\Drivers\dfsc.sys [SYSTEM] DfsC
Service C:\Windows\system32\dhcpcore.dll [AUTO] Dhcp
Service C:\Windows\System32\drivers\discache.sys [SYSTEM] discache
Service C:\Windows\system32\DRIVERS\disk.sys [BOOT] Disk
Service C:\Windows\System32\dnsrslvr.dll [AUTO] Dnscache
Service C:\Windows\System32\dot3svc.dll [MANUAL] dot3svc
Service C:\Windows\system32\dps.dll [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys [MANUAL] DXGKrnl
Service C:\Windows\System32\eapsvc.dll [MANUAL] EapHost
Service C:\Windows\system32\DRIVERS\evbda.sys [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe [AUTO] EFS
Service C:\Windows\ehome\ehRecvr.exe [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe [MANUAL] ehSched
Service Elantech
Service C:\Windows\system32\DRIVERS\elxstor.sys [MANUAL] elxstor
Service C:\Windows\system32\drivers\errdev.sys [MANUAL] ErrDev
Service C:\Windows\system32\esentprf.dll ESENT
Service C:\Windows\system32\DRIVERS\ETD.sys [MANUAL] ETD
Service C:\Windows\System32\wevtsvc.dll [AUTO] eventlog
Service C:\Windows\system32\es.dll [AUTO] EventSystem
Service C:\Windows\system32\drivers\exfat.sys [MANUAL] exfat
Service C:\Windows\system32\drivers\fastfat.sys [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe [MANUAL] Fax
Service C:\Windows\system32\DRIVERS\fdc.sys [MANUAL] fdc
Service C:\Windows\system32\fdPHost.dll [MANUAL] fdPHost
Service C:\Windows\system32\fdrespub.dll [MANUAL] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys [MANUAL] Filetrace
Service C:\Windows\system32\DRIVERS\flpydisk.sys [MANUAL] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service C:\Windows\system32\FntCache.dll [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0
Service C:\Windows\System32\drivers\FsDepends.sys [MANUAL] FsDepends
Service C:\Windows\system32\DRIVERS\fssfltr.sys [MANUAL] fssfltr
Service C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [MANUAL] fsssvc
Service C:\Windows\system32\drivers\Fs_Rec.sys [BOOT] Fs_Rec
Service C:\Windows\System32\DRIVERS\fvevol.sys [BOOT] fvevol
Service C:\Windows\system32\DRIVERS\gagp30kx.sys [MANUAL] gagp30kx
Service C:\Windows\System32\gpsvc.dll [AUTO] gpsvc
Service C:\Windows\system32\drivers\hcw85cir.sys [MANUAL] hcw85cir
Service C:\Windows\system32\drivers\HdAudio.sys [MANUAL] HdAudAddService
Service C:\Windows\system32\drivers\HDAudBus.sys [MANUAL] HDAudBus
Service C:\Windows\system32\DRIVERS\HidBatt.sys [MANUAL] HidBatt
Service C:\Windows\system32\DRIVERS\hidbth.sys [MANUAL] HidBth
Service C:\Windows\system32\DRIVERS\hidir.sys [MANUAL] HidIr
Service C:\Windows\system32\hidserv.dll [MANUAL] hidserv
Service C:\Windows\system32\DRIVERS\hidusb.sys [MANUAL] HidUsb
Service C:\Windows\system32\kmsvc.dll [MANUAL] hkmsvc
Service C:\Windows\system32\ListSvc.dll [MANUAL] HomeGroupListener
Service C:\Windows\system32\provsvc.dll [MANUAL] HomeGroupProvider
Service C:\Windows\system32\drivers\HpSAMD.sys [MANUAL] HpSAMD
Service C:\Windows\system32\drivers\HTTP.sys [MANUAL] HTTP
Service C:\Windows\System32\drivers\hwpolicy.sys [BOOT] hwpolicy
Service C:\Windows\system32\drivers\i8042prt.sys [MANUAL] i8042prt
Service C:\Windows\system32\drivers\iaStorV.sys [MANUAL] iaStorV
Service C:\Program Files\IB Updater\ExtensionUpdaterService.exe [AUTO] IB Updater
Service C:\Windows\system32\dmwu.exe [AUTO] IBUpdaterService
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [MANUAL] idsvc
Service C:\Windows\system32\DRIVERS\iirsp.sys [MANUAL] iirsp
Service C:\Windows\System32\ikeext.dll [MANUAL] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHD64.sys [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys [MANUAL] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys [MANUAL] intelppm
Service C:\Windows\system32\ipbusenum.dll [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\Windows\System32\iphlpsvc.dll [AUTO] iphlpsvc
Service C:\Windows\system32\drivers\IPMIDrv.sys [MANUAL] IPMIDRV
Service C:\Windows\System32\drivers\ipnat.sys [MANUAL] IPNAT
Service C:\Windows\system32\drivers\irenum.sys [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys [MANUAL] isapnp
Service C:\Windows\system32\drivers\msiscsi.sys [MANUAL] iScsiPrt
Service C:\Windows\system32\DRIVERS\jmcr.sys [MANUAL] JMCR
Service C:\Windows\system32\DRIVERS\JME.sys [MANUAL] JME
Service C:\Windows\system32\drivers\kbdclass.sys [MANUAL] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys [MANUAL] kbdhid
Service C:\Windows\system32\DRIVERS\kbfiltr.sys [MANUAL] kbfiltr
Service C:\Windows\system32\lsass.exe [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys [BOOT] KSecDD
Service C:\Windows\System32\Drivers\ksecpkg.sys [BOOT] KSecPkg
Service C:\Windows\system32\drivers\ksthunk.sys [MANUAL] ksthunk
Service C:\Windows\system32\msdtckrm.dll [MANUAL] KtmRm
Service C:\Windows\system32\srvsvc.dll [AUTO] LanmanServer
Service C:\Windows\System32\wkssvc.dll [AUTO] LanmanWorkstation
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys [AUTO] lltdio
Service C:\Windows\System32\lltdsvc.dll [MANUAL] lltdsvc
Service C:\Windows\System32\lmhsvc.dll [AUTO] lmhosts
Service C:\Windows\system32\Secur32.dll Lsa
Service C:\Windows\system32\DRIVERS\lsi_fc.sys [MANUAL] LSI_FC
Service C:\Windows\system32\DRIVERS\lsi_sas.sys [MANUAL] LSI_SAS
Service C:\Windows\system32\DRIVERS\lsi_sas2.sys [MANUAL] LSI_SAS2
Service C:\Windows\system32\DRIVERS\lsi_scsi.sys [MANUAL] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys [AUTO] luafv
Service lullaby
Service C:\Windows\system32\lxcgcoms.exe [AUTO] lxcg_device
Service C:\Windows\system32\Mcx2Svc.dll [DISABLED] Mcx2Svc
Service C:\Windows\system32\DRIVERS\megasas.sys [MANUAL] megasas
Service C:\Windows\system32\DRIVERS\MegaSR.sys [MANUAL] MegaSR
Service C:\Windows\system32\mmcss.dll [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys [MANUAL] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys [BOOT] mountmgr
Service C:\Windows\system32\drivers\mpio.sys [MANUAL] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys [MANUAL] mpsdrv
Service C:\Windows\system32\mpssvc.dll [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mrxdav.sys [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys [BOOT] msahci
Service C:\Windows\system32\drivers\msdsm.sys [MANUAL] msdsm
Service C:\Windows\system32\msdtcuiu.DLL [MANUAL] MSDTC
Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\drivers\Msfs.sys [SYSTEM] Msfs
Service C:\Windows\System32\drivers\mshidkmdf.sys [MANUAL] mshidkmdf
Service C:\Windows\system32\drivers\msisadrv.sys [BOOT] msisadrv
Service C:\Windows\system32\iscsiexe.dll [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service C:\Windows\system32\drivers\MsRPC.sys [MANUAL] MsRPC
Service C:\Windows\system32\msscntrs.dll MSSCNTRS
Service C:\Windows\system32\drivers\mssmbios.sys [SYSTEM] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\Windows\system32\DRIVERS\MTConfig.sys [MANUAL] MTConfig
Service C:\Windows\system32\DRIVERS\ATK64AMD.sys [MANUAL] MTsensor
Service C:\Windows\System32\Drivers\mup.sys [BOOT] Mup
Service C:\Windows\system32\qagentRT.dll [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndiscap.sys [MANUAL] NdisCap
Service C:\Windows\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service C:\Windows\system32\drivers\NDProxy.sys [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe [MANUAL] Netlogon
Service C:\Windows\System32\netman.dll [MANUAL] Netman
Service C:\Windows\System32\netprofm.dll [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\DRIVERS\nfrd960.sys [MANUAL] nfrd960
Service C:\Windows\System32\nlasvc.dll [AUTO] NlaSvc
Service C:\Windows\system32\drivers\Npfs.sys [SYSTEM] Npfs
Service C:\Windows\system32\nsisvc.dll [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys [SYSTEM] nsiproxy
Service NTDS
Service C:\Windows\system32\drivers\Ntfs.sys [MANUAL] Ntfs
Service C:\Windows\system32\drivers\Null.sys [SYSTEM] Null
Service C:\Windows\system32\drivers\nvraid.sys [MANUAL] nvraid
Service C:\Windows\system32\drivers\nvstor.sys [MANUAL] nvstor
Service C:\Windows\system32\drivers\nv_agp.sys [MANUAL] nv_agp
Service C:\Windows\system32\drivers\ohci1394.sys [MANUAL] ohci1394
Service C:\Windows\system32\pnrpsvc.dll [MANUAL] p2pimsvc
Service C:\Windows\system32\p2psvc.dll [MANUAL] p2psvc
Service C:\Windows\system32\DRIVERS\parport.sys [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys [BOOT] partmgr
Service C:\Windows\System32\pcasvc.dll [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys [BOOT] pciide
Service C:\Windows\system32\DRIVERS\pcmcia.sys [MANUAL] pcmcia
Service C:\Windows\System32\drivers\pcw.sys [BOOT] pcw
Service C:\Windows\system32\drivers\peauth.sys [AUTO] PEAUTH
Service C:\Windows\System32\perfdisk.dll PerfDisk
Service C:\Windows\SysWow64\perfhost.exe [MANUAL] PerfHost
Service C:\Windows\System32\perfnet.dll PerfNet
Service C:\Windows\System32\perfos.dll PerfOS
Service C:\Windows\System32\perfproc.dll PerfProc
Service C:\Windows\system32\pla.dll [MANUAL] pla
Service C:\Windows\system32\umpnpmgr.dll [AUTO] PlugPlay
Service C:\Windows\system32\pnrpauto.dll [MANUAL] PNRPAutoReg
Service C:\Windows\system32\pnrpsvc.dll [MANUAL] PNRPsvc
Service C:\Windows\System32\ipsecsvc.dll [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\umpo.dll [AUTO] Power
Service C:\Windows\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\Windows\system32\DRIVERS\processr.sys [MANUAL] Processor
Service C:\Windows\system32\profsvc.dll [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\pacer.sys [SYSTEM] Psched
Service C:\Windows\system32\DRIVERS\ql2300.sys [MANUAL] ql2300
Service C:\Windows\system32\DRIVERS\ql40xx.sys [MANUAL] ql40xx
Service C:\Windows\system32\qwave.dll [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys [MANUAL] RasAcd
Service C:\Windows\system32\DRIVERS\AgileVpn.sys [MANUAL] RasAgileVpn
Service C:\Windows\System32\rasauto.dll [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\Windows\System32\rasmans.dll [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys [SYSTEM] rdbss
Service C:\Windows\system32\DRIVERS\rdpbus.sys [MANUAL] rdpbus
Service C:\Windows\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpencdd.sys [SYSTEM] RDPENCDD
Service RDPNP
Service C:\Windows\system32\drivers\rdprefmp.sys [SYSTEM] RDPREFMP
Service C:\Windows\system32\drivers\RDPWD.sys [MANUAL] RDPWD
Service C:\Windows\system32\sysmain.dll [BOOT] rdyboost
Service C:\Windows\System32\mprdim.dll [DISABLED] RemoteAccess
Service C:\Windows\system32\regsvc.dll [MANUAL] RemoteRegistry
Service C:\Windows\System32\RpcEpMap.dll [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe [MANUAL] RpcLocator
Service C:\Windows\system32\rpcss.dll [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys [AUTO] rspndr
Service C:\Windows\system32\lsass.exe [AUTO] SamSs
Service C:\Windows\system32\drivers\sbp2port.sys [MANUAL] sbp2port
Service SBSDWSCService
Service C:\Windows\System32\SCardSvr.dll [MANUAL] SCardSvr
Service C:\Windows\System32\DRIVERS\scfilter.sys [MANUAL] scfilter
Service C:\Windows\system32\schedsvc.dll [AUTO] Schedule
Service C:\Windows\System32\certprop.dll [MANUAL] SCPolicySvc
Service C:\Windows\system32\drivers\sdbus.sys [MANUAL] sdbus
Service C:\Windows\System32\SDRSVC.dll [MANUAL] SDRSVC
Service C:\Windows\system32\drivers\secdrv.sys [AUTO] secdrv
Service C:\Windows\system32\seclogon.dll [MANUAL] seclogon
Service C:\Windows\System32\sens.dll [AUTO] SENS
Service C:\Windows\system32\sensrsvc.dll [MANUAL] SensrSvc
Service C:\Windows\system32\DRIVERS\serenum.sys [MANUAL] Serenum
Service C:\Windows\system32\DRIVERS\serial.sys [MANUAL] Serial
Service C:\Windows\system32\DRIVERS\sermouse.sys [MANUAL] sermouse
Service C:\Windows\system32\NETFXPerf.dll ServiceModelEndpoint 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll ServiceModelOperation 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll ServiceModelService 3.0.0.0
Service C:\Windows\system32\sessenv.dll [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys [MANUAL] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys [MANUAL] sffp_sd
Service C:\Windows\system32\DRIVERS\sfloppy.sys [MANUAL] sfloppy
Service C:\Windows\System32\ipnathlp.dll [MANUAL] SharedAccess
Service C:\Windows\System32\shsvcs.dll [AUTO] ShellHWDetection
Service C:\Windows\system32\DRIVERS\SiSG664.sys [MANUAL] SiSGbeLH
Service C:\Windows\system32\DRIVERS\SiSRaid2.sys [MANUAL] SiSRaid2
Service C:\Windows\system32\DRIVERS\sisraid4.sys [MANUAL] SiSRaid4
Service C:\Windows\system32\DRIVERS\smb.sys [MANUAL] Smb
Service C:\Windows\system32\NETFXPerf.dll SMSvcHost 3.0.0.0
Service C:\Windows\system32\NETFXPerf.dll SMSvcHost 4.0.0.0
Service C:\Windows\System32\snmptrap.exe [MANUAL] SNMPTRAP
Service C:\Windows\system32\DRIVERS\snp2uvc.sys [MANUAL] SNP2UVC
Service C:\Windows\system32\drivers\spldr.sys [BOOT] spldr
Service C:\Windows\system32\winspool.drv [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe [AUTO] sppsvc
Service C:\Windows\system32\sppuinotify.dll [MANUAL] sppuinotify
Service C:\Windows\System32\DRIVERS\srv.sys [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys [MANUAL] srvnet
Service C:\Windows\System32\ssdpsrv.dll [MANUAL] SSDPSRV
Service C:\Windows\system32\sstpsvc.dll [MANUAL] SstpSvc
Service C:\Windows\system32\DRIVERS\stexstor.sys [MANUAL] stexstor
Service C:\Windows\System32\wiaservc.dll [AUTO] stisvc
Service C:\Windows\system32\drivers\swenum.sys [MANUAL] swenum
Service C:\Windows\System32\swprv.dll [MANUAL] swprv
Service C:\Windows\system32\sysmain.dll [AUTO] SysMain
Service C:\Windows\System32\TabSvc.dll [MANUAL] TabletInputService
Service C:\Windows\System32\tapisrv.dll [MANUAL] TapiSrv
Service C:\Windows\System32\tbssvc.dll [MANUAL] TBS
Service C:\Windows\System32\Perfctrs.dll [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service C:\Windows\System32\drivers\tcpipreg.sys [AUTO] tcpipreg
Service TCPIPTUNNEL
Service C:\Windows\system32\drivers\tdpipe.sys [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys [SYSTEM] tdx
Service C:\Windows\system32\drivers\termdd.sys [SYSTEM] TermDD
Service C:\Windows\System32\termsrv.dll [MANUAL] TermService
Service C:\Windows\system32\themeservice.dll [AUTO] Themes
Service C:\Windows\system32\mmcss.dll [MANUAL] THREADORDER
Service [MANUAL] tmlwf
Service [MANUAL] tmwfp
Service C:\Windows\System32\trkwks.dll [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys [MANUAL] tssecsrv
Service C:\Windows\system32\drivers\tsusbflt.sys [MANUAL] TsUsbFlt
Service C:\Windows\system32\DRIVERS\tunnel.sys [MANUAL] tunnel
Service C:\Windows\system32\DRIVERS\uagp35.sys [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys [DISABLED] udfs
Service C:\Windows\system32\msscntrs.dll UGatherer
Service C:\Windows\system32\msscntrs.dll UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\umbus.sys [MANUAL] umbus
Service C:\Windows\system32\DRIVERS\umpass.sys [MANUAL] UmPass
Service C:\Windows\System32\upnphost.dll [MANUAL] upnphost
Service C:\Windows\system32\DRIVERS\usbccgp.sys [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys [MANUAL] usbcir
Service C:\Windows\system32\drivers\usbehci.sys [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbfilter.sys [MANUAL] usbfilter
Service C:\Windows\system32\usbperf.dll [MANUAL] usbhub
Service C:\Windows\system32\drivers\usbohci.sys [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\Windows\system32\drivers\usbuhci.sys [MANUAL] usbuhci
Service C:\Windows\System32\Drivers\usbvideo.sys [MANUAL] usbvideo
Service C:\Windows\System32\uxsms.dll [AUTO] UxSms
Service C:\Windows\system32\lsass.exe [MANUAL] VaultSvc
Service C:\Windows\system32\drivers\vdrvroot.sys [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\vhdmp.sys [MANUAL] vhdmp
Service C:\Windows\system32\drivers\viaide.sys [MANUAL] viaide
Service C:\Windows\system32\drivers\volmgr.sys [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys [BOOT] volsnap
Service C:\Windows\system32\DRIVERS\vsmraid.sys [MANUAL] vsmraid
Service C:\Windows\system32\vssvc.exe [MANUAL] VSS
Service C:\Windows\system32\DRIVERS\vwifibus.sys [MANUAL] vwifibus
Service C:\Windows\system32\DRIVERS\vwififlt.sys [SYSTEM] vwififlt
Service C:\Windows\system32\DRIVERS\vwifimp.sys [MANUAL] vwifimp
Service C:\Windows\system32\w32time.dll [MANUAL] W32Time
Service W3SVC
Service C:\Windows\system32\DRIVERS\wacompen.sys [MANUAL] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys [MANUAL] WANARP
Service C:\Windows\system32\DRIVERS\wanarp.sys [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe [MANUAL] wbengine
Service C:\Windows\System32\wbiosrvc.dll [MANUAL] WbioSrvc
Service C:\Windows\System32\wcncsvc.dll [MANUAL] wcncsvc
Service C:\Windows\System32\WcsPlugInService.dll [MANUAL] WcsPlugInService
Service C:\Windows\system32\DRIVERS\wd.sys [MANUAL] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys [BOOT] Wdf01000
Service C:\Windows\system32\wdi.dll [MANUAL] WdiServiceHost
Service C:\Windows\system32\wdi.dll [MANUAL] WdiSystemHost
Service C:\Windows\System32\webclnt.dll [MANUAL] WebClient
Service C:\Windows\system32\wecsvc.dll [MANUAL] Wecsvc
Service C:\Windows\System32\wercplsupport.dll [MANUAL] wercplsupport
Service C:\Windows\System32\WerSvc.dll [MANUAL] WerSvc
Service C:\Windows\system32\DRIVERS\wfplwf.sys [SYSTEM] WfpLwf
Service C:\Windows\system32\DRIVERS\wimfltr.sys [MANUAL] WimFltr
Service C:\Windows\system32\drivers\wimmount.sys [MANUAL] WIMMount
Service C:\Program Files (x86)\Windows Defender\mpsvc.dll [MANUAL] WinDefend
Service C:\Windows\system32\netfxperf.dll Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\winhttp.dll [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\wbem\WMIsvc.dll [AUTO] Winmgmt
Service C:\Windows\system32\WsmSvc.dll [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\DRIVERS\WinUsb.sys [MANUAL] WinUsb
Service C:\Windows\System32\wlansvc.dll [AUTO] Wlansvc
Service C:\Windows\system32\drivers\wmiacpi.sys [MANUAL] WmiAcpi
Service C:\Windows\system32\wbem\wmiaprpl.dll WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service C:\Windows\System32\wpcsvc.dll [MANUAL] WPCSvc
Service C:\Windows\system32\wpdbusenum.dll [MANUAL] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys [DISABLED] ws2ifsl
Service C:\Windows\System32\wscsvc.dll [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe [AUTO] WSearch
Service C:\Windows\system32\tquery.dll WSearchIdxPi
Service C:\Windows\system32\wuaueng.dll [AUTO] wuauserv
Service C:\Windows\system32\drivers\WudfPf.sys [MANUAL] WudfPf
Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFRd
Service C:\Windows\System32\WUDFSvc.dll [AUTO] wudfsvc
Service C:\Windows\System32\wwansvc.dll [MANUAL] WwanSvc
Service xmlprov
Service {15A65E77-2F7A-4D4B-973F-C4AD35E548A8}
Service {6A116793-55B0-4F04-8D2E-BE72BC23279D}
Service {992F027E-8965-4116-B6A3-224D8050CACC}
---- EOF - GMER 2.1 ----
AVIRA - Ergebnisse: Code:
ATTFilter Exportierte Ereignisse:
22.05.2013 20:57 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar8.zip'
enthielt einen Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55808183.qua'
verschoben!
22.05.2013 20:57 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar8.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.05.2013 20:57 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar8.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.05.2013 20:57 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar7.zip'
enthielt einen Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic].
Durchgeführte Aktion(en):
Der Fund wurde als verdächtig eingestuft.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5499870d.qua'
verschoben!
22.05.2013 20:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar7.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.05.2013 20:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar7.zip'
wurde ein Virus oder unerwünschtes Programm 'GEN/PwdZIP' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.05.2013 15:22 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Denise\AppData\Local\Temp\nsu9510.tmp\141\PricePeep_4302013.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Agent.635596.1'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e9551a.qua'
verschoben!
22.05.2013 15:21 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Denise\AppData\Local\Temp\nsu9510.tmp\141\PricePeep_4302013.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.635596.1' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.05.2013 15:21 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Denise\AppData\Local\Temp\nsu9510.tmp\141\PricePeep_4302013.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.635596.1' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
SPYBOT - Search & Destroy: Code:
ATTFilter IncrediBar: [SBI $8722EB7F] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
IncrediBar: [SBI $8722EB7F] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
IncrediBar: [SBI $499FBB8D] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\AppID\Extension.DLL
IncrediBar: [SBI $499FBB8D] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\AppID\Extension.DLL
IncrediBar: [SBI $4A0F744C] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject
IncrediBar: [SBI $4A0F744C] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
IncrediBar: [SBI $4A0F744C] Class ID (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Browser helper object (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
IncrediBar: [SBI $4A0F744C] Class ID (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Browser helper object (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
IncrediBar: [SBI $4A0F744C] Root class (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Extension.ExtensionHelperObject
IncrediBar: [SBI $74F85EF4] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
IncrediBar: [SBI $74F85EF4] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
IncrediBar: [SBI $1EF302F2] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
IncrediBar: [SBI $1EF302F2] Einstellungen (Registrierungsdatenbank-Schlüssel, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-11-16 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-05-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-05-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-22 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
|
|
24.05.2013, 15:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystart Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.05.2013, 21:06
| #5 |
| | Trojaner incredibar mystart Hallo, ich habe die Anweisungen abgearbeitet und hier sind meine Ergebnisse: MBAR (Malwarebytes Anti-Rootkit) Nr. 1 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.24.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Denise :: DENISE-PC [administrator]
24.05.2013 20:59:16
mbar-log-2013-05-24 (20-59-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26882
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Detected: 1
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1844 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\Handle (Malware.Trace) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
c:\Users\Denise\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.
(end)
MBAR (Malwarebytes Anti-Rootkit) Nr. 2 Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.24.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Denise :: DENISE-PC [administrator]
24.05.2013 21:23:28
mbar-log-2013-05-24 (21-23-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26876
Time elapsed: 12 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-24 21:24:53
-----------------------------
21:24:53.145 OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:53.145 Number of processors: 2 586 0x603
21:24:53.145 ComputerName: DENISE-PC UserName: Denise
21:24:53.925 Initialize success
21:28:22.482 AVAST engine defs: 13052400
21:28:31.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:28:31.218 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
21:28:31.327 Disk 0 MBR read successfully
21:28:31.342 Disk 0 MBR scan
21:28:31.358 Disk 0 Windows 7 default MBR code
21:28:31.358 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
21:28:31.374 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 40965750
21:28:31.374 Disk 0 Partition - 00 0F Extended LBA 208932 MB offset 197246976
21:28:31.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 208931 MB offset 197249024
21:28:31.514 Disk 0 scanning C:\Windows\system32\drivers
21:28:44.337 Service scanning
21:29:12.339 Modules scanning
21:29:12.355 Disk 0 trace - called modules:
21:29:12.402 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:29:12.417 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ead060]
21:29:12.417 3 CLASSPNP.SYS[fffff8800192043f] -> nt!IofCallDriver -> [0xfffffa8004e35040]
21:29:12.433 5 amdxata.sys[fffff8800108a7a8] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8004e31060]
21:29:13.385 AVAST engine scan C:\Windows
21:29:16.224 AVAST engine scan C:\Windows\system32
21:33:22.221 AVAST engine scan C:\Windows\system32\drivers
21:33:37.587 AVAST engine scan C:\Users\Denise
21:40:56.431 AVAST engine scan C:\ProgramData
21:41:31.469 Scan finished successfully
21:42:09.018 Disk 0 MBR has been saved successfully to "C:\Users\Denise\Desktop\MBR.dat"
21:42:09.033 The log file has been saved successfully to "C:\Users\Denise\Desktop\aswMBR.txt"
TDSS-Killer Code:
ATTFilter 21:45:55.0926 1184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:45:56.0144 1184 ============================================================
21:45:56.0144 1184 Current date / time: 2013/05/24 21:45:56.0144
21:45:56.0144 1184 SystemInfo:
21:45:56.0144 1184
21:45:56.0144 1184 OS Version: 6.1.7601 ServicePack: 1.0
21:45:56.0144 1184 Product type: Workstation
21:45:56.0144 1184 ComputerName: DENISE-PC
21:45:56.0144 1184 UserName: Denise
21:45:56.0144 1184 Windows directory: C:\Windows
21:45:56.0144 1184 System windows directory: C:\Windows
21:45:56.0144 1184 Running under WOW64
21:45:56.0144 1184 Processor architecture: Intel x64
21:45:56.0144 1184 Number of processors: 2
21:45:56.0144 1184 Page size: 0x1000
21:45:56.0144 1184 Boot type: Normal boot
21:45:56.0144 1184 ============================================================
21:45:57.0221 1184 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:57.0221 1184 ============================================================
21:45:57.0221 1184 \Device\Harddisk0\DR0:
21:45:57.0221 1184 MBR partitions:
21:45:57.0221 1184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x950A408
21:45:57.0236 1184 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBC1C800, BlocksNum 0x19811800
21:45:57.0236 1184 ============================================================
21:45:57.0330 1184 C: <-> \Device\Harddisk0\DR0\Partition1
21:45:57.0564 1184 D: <-> \Device\Harddisk0\DR0\Partition2
21:45:57.0564 1184 ============================================================
21:45:57.0564 1184 Initialize success
21:45:57.0564 1184 ============================================================
21:49:48.0101 2272 ============================================================
21:49:48.0101 2272 Scan started
21:49:48.0101 2272 Mode: Manual; SigCheck; TDLFS;
21:49:48.0101 2272 ============================================================
21:49:49.0178 2272 ================ Scan system memory ========================
21:49:49.0178 2272 System memory - ok
21:49:49.0178 2272 ================ Scan services =============================
21:49:49.0365 2272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:49:49.0474 2272 1394ohci - ok
21:49:49.0536 2272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:49:49.0568 2272 ACPI - ok
21:49:49.0583 2272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:49:49.0614 2272 AcpiPmi - ok
21:49:49.0786 2272 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:49:49.0817 2272 AdobeFlashPlayerUpdateSvc - ok
21:49:49.0895 2272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:49:49.0926 2272 adp94xx - ok
21:49:49.0942 2272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:49:49.0973 2272 adpahci - ok
21:49:50.0004 2272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:49:50.0020 2272 adpu320 - ok
21:49:50.0036 2272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:49:50.0114 2272 AeLookupSvc - ok
21:49:50.0160 2272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:49:50.0223 2272 AFD - ok
21:49:50.0254 2272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:49:50.0270 2272 agp440 - ok
21:49:50.0301 2272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:49:50.0348 2272 ALG - ok
21:49:50.0394 2272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:49:50.0410 2272 aliide - ok
21:49:50.0457 2272 [ EC803C6CA6D6FDEE5DE77641426E72BE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:49:50.0519 2272 AMD External Events Utility - ok
21:49:50.0535 2272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:49:50.0550 2272 amdide - ok
21:49:50.0597 2272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:49:50.0660 2272 AmdK8 - ok
21:49:50.0894 2272 [ 09FBE3B09F9A8B5EEA6A10D3C1D55888 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:49:51.0128 2272 amdkmdag - ok
21:49:51.0159 2272 [ 63B54A51E9BF3645063A1A0709F0E52A ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:49:51.0190 2272 amdkmdap - ok
21:49:51.0221 2272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:49:51.0268 2272 AmdPPM - ok
21:49:51.0299 2272 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:49:51.0346 2272 amdsata - ok
21:49:51.0377 2272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:49:51.0408 2272 amdsbs - ok
21:49:51.0424 2272 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:49:51.0440 2272 amdxata - ok
21:49:51.0689 2272 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:49:51.0705 2272 AntiVirSchedulerService - ok
21:49:51.0767 2272 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:49:51.0783 2272 AntiVirService - ok
21:49:51.0830 2272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:49:51.0923 2272 AppID - ok
21:49:51.0939 2272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:49:52.0001 2272 AppIDSvc - ok
21:49:52.0032 2272 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:49:52.0079 2272 Appinfo - ok
21:49:52.0126 2272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:49:52.0157 2272 arc - ok
21:49:52.0173 2272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:49:52.0188 2272 arcsas - ok
21:49:52.0282 2272 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:49:52.0313 2272 ASLDRService - ok
21:49:52.0329 2272 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:49:52.0344 2272 ASMMAP64 - ok
21:49:52.0376 2272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:49:52.0438 2272 AsyncMac - ok
21:49:52.0469 2272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:49:52.0485 2272 atapi - ok
21:49:52.0563 2272 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:49:52.0656 2272 athr - ok
21:49:52.0703 2272 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:49:52.0719 2272 AtiHdmiService - ok
21:49:52.0766 2272 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
21:49:52.0781 2272 AtiPcie - ok
21:49:52.0797 2272 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:49:52.0828 2272 ATKGFNEXSrv - ok
21:49:52.0875 2272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:49:52.0953 2272 AudioEndpointBuilder - ok
21:49:52.0984 2272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:49:53.0015 2272 AudioSrv - ok
21:49:53.0062 2272 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:49:53.0078 2272 avgntflt - ok
21:49:53.0124 2272 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:49:53.0140 2272 avipbb - ok
21:49:53.0187 2272 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:49:53.0187 2272 avkmgr - ok
21:49:53.0234 2272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:49:53.0280 2272 AxInstSV - ok
21:49:53.0327 2272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:49:53.0390 2272 b06bdrv - ok
21:49:53.0468 2272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:49:53.0608 2272 b57nd60a - ok
21:49:53.0717 2272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:49:53.0780 2272 BDESVC - ok
21:49:53.0811 2272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:49:53.0889 2272 Beep - ok
21:49:53.0951 2272 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:49:54.0014 2272 BFE - ok
21:49:54.0045 2272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:49:54.0123 2272 BITS - ok
21:49:54.0138 2272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:49:54.0170 2272 blbdrive - ok
21:49:54.0201 2272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:49:54.0232 2272 bowser - ok
21:49:54.0263 2272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:49:54.0294 2272 BrFiltLo - ok
21:49:54.0310 2272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:49:54.0326 2272 BrFiltUp - ok
21:49:54.0357 2272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:49:54.0388 2272 Browser - ok
21:49:54.0404 2272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:49:54.0435 2272 Brserid - ok
21:49:54.0466 2272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:49:54.0482 2272 BrSerWdm - ok
21:49:54.0497 2272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:49:54.0528 2272 BrUsbMdm - ok
21:49:54.0544 2272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:49:54.0560 2272 BrUsbSer - ok
21:49:54.0606 2272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:49:54.0653 2272 BTHMODEM - ok
21:49:54.0700 2272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:49:54.0731 2272 bthserv - ok
21:49:54.0762 2272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:49:54.0809 2272 cdfs - ok
21:49:54.0887 2272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:49:54.0981 2272 cdrom - ok
21:49:55.0184 2272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:49:55.0308 2272 CertPropSvc - ok
21:49:55.0355 2272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:49:55.0371 2272 circlass - ok
21:49:55.0386 2272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:49:55.0418 2272 CLFS - ok
21:49:55.0496 2272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:49:55.0511 2272 clr_optimization_v2.0.50727_32 - ok
21:49:55.0574 2272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:49:55.0589 2272 clr_optimization_v2.0.50727_64 - ok
21:49:55.0808 2272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:49:55.0839 2272 clr_optimization_v4.0.30319_32 - ok
21:49:55.0964 2272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:49:55.0995 2272 clr_optimization_v4.0.30319_64 - ok
21:49:56.0026 2272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:49:56.0057 2272 CmBatt - ok
21:49:56.0088 2272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:49:56.0104 2272 cmdide - ok
21:49:56.0135 2272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:49:56.0182 2272 CNG - ok
21:49:56.0229 2272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:49:56.0260 2272 Compbatt - ok
21:49:56.0291 2272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:49:56.0338 2272 CompositeBus - ok
21:49:56.0354 2272 COMSysApp - ok
21:49:56.0385 2272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:49:56.0400 2272 crcdisk - ok
21:49:56.0447 2272 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:49:56.0478 2272 CryptSvc - ok
21:49:56.0525 2272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:49:56.0572 2272 DcomLaunch - ok
21:49:56.0603 2272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:49:56.0666 2272 defragsvc - ok
21:49:56.0697 2272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:49:56.0759 2272 DfsC - ok
21:49:56.0790 2272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:49:56.0853 2272 Dhcp - ok
21:49:56.0868 2272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:49:56.0946 2272 discache - ok
21:49:56.0978 2272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:49:56.0993 2272 Disk - ok
21:49:57.0024 2272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:49:57.0056 2272 Dnscache - ok
21:49:57.0102 2272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:49:57.0149 2272 dot3svc - ok
21:49:57.0196 2272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:49:57.0243 2272 DPS - ok
21:49:57.0274 2272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:49:57.0305 2272 drmkaud - ok
21:49:57.0352 2272 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:49:57.0414 2272 DXGKrnl - ok
21:49:57.0446 2272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:49:57.0492 2272 EapHost - ok
21:49:57.0633 2272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:49:57.0758 2272 ebdrv - ok
21:49:57.0789 2272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:49:57.0820 2272 EFS - ok
21:49:57.0898 2272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:49:57.0960 2272 ehRecvr - ok
21:49:57.0976 2272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:49:58.0023 2272 ehSched - ok
21:49:58.0085 2272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:49:58.0132 2272 elxstor - ok
21:49:58.0163 2272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:49:58.0179 2272 ErrDev - ok
21:49:58.0210 2272 [ 06C94BE9D9E1E6411429433A64A76936 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
21:49:58.0241 2272 ETD - ok
21:49:58.0272 2272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:49:58.0319 2272 EventSystem - ok
21:49:58.0335 2272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:49:58.0397 2272 exfat - ok
21:49:58.0428 2272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:49:58.0506 2272 fastfat - ok
21:49:58.0569 2272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:49:58.0600 2272 Fax - ok
21:49:58.0631 2272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:49:58.0647 2272 fdc - ok
21:49:58.0678 2272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:49:58.0709 2272 fdPHost - ok
21:49:58.0725 2272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:49:58.0772 2272 FDResPub - ok
21:49:58.0803 2272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:49:58.0818 2272 FileInfo - ok
21:49:58.0818 2272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:49:58.0881 2272 Filetrace - ok
21:49:58.0912 2272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:49:58.0928 2272 flpydisk - ok
21:49:58.0974 2272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:49:59.0006 2272 FltMgr - ok
21:49:59.0084 2272 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:49:59.0162 2272 FontCache - ok
21:49:59.0240 2272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:49:59.0255 2272 FontCache3.0.0.0 - ok
21:49:59.0286 2272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:49:59.0302 2272 FsDepends - ok
21:49:59.0349 2272 [ 5814011B2F6E088E29D689B5FCD49B8F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:49:59.0364 2272 fssfltr - ok
21:49:59.0427 2272 [ F6717211C1EC2CDDAA81B97B0727C2E9 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:49:59.0489 2272 fsssvc - ok
21:49:59.0505 2272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:49:59.0520 2272 Fs_Rec - ok
21:49:59.0567 2272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:49:59.0583 2272 fvevol - ok
21:49:59.0630 2272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:49:59.0630 2272 gagp30kx - ok
21:49:59.0676 2272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:49:59.0754 2272 gpsvc - ok
21:49:59.0786 2272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:49:59.0801 2272 hcw85cir - ok
21:49:59.0864 2272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:49:59.0910 2272 HdAudAddService - ok
21:49:59.0942 2272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:49:59.0957 2272 HDAudBus - ok
21:49:59.0988 2272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:50:00.0020 2272 HidBatt - ok
21:50:00.0051 2272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:50:00.0082 2272 HidBth - ok
21:50:00.0098 2272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:50:00.0113 2272 HidIr - ok
21:50:00.0160 2272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:50:00.0238 2272 hidserv - ok
21:50:00.0285 2272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:50:00.0347 2272 HidUsb - ok
21:50:00.0394 2272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:50:00.0488 2272 hkmsvc - ok
21:50:00.0581 2272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:50:00.0690 2272 HomeGroupListener - ok
21:50:00.0722 2272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:50:00.0784 2272 HomeGroupProvider - ok
21:50:00.0815 2272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:50:00.0846 2272 HpSAMD - ok
21:50:00.0909 2272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:50:00.0987 2272 HTTP - ok
21:50:01.0018 2272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:50:01.0034 2272 hwpolicy - ok
21:50:01.0065 2272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:50:01.0096 2272 i8042prt - ok
21:50:01.0127 2272 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:50:01.0158 2272 iaStorV - ok
21:50:01.0252 2272 [ CEDB27BACA286F063C3A11D44AF530AE ] IB Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
21:50:01.0283 2272 IB Updater - ok
21:50:01.0330 2272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:50:01.0346 2272 idsvc - ok
21:50:01.0377 2272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:50:01.0392 2272 iirsp - ok
21:50:01.0439 2272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:50:01.0486 2272 IKEEXT - ok
21:50:01.0595 2272 [ 6E4CCB3AFF07E2B9F2A937385C84B573 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:50:01.0689 2272 IntcAzAudAddService - ok
21:50:01.0704 2272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:50:01.0720 2272 intelide - ok
21:50:01.0751 2272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:50:01.0782 2272 intelppm - ok
21:50:01.0829 2272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:50:01.0892 2272 IPBusEnum - ok
21:50:01.0907 2272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:01.0954 2272 IpFilterDriver - ok
21:50:01.0985 2272 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:50:02.0048 2272 iphlpsvc - ok
21:50:02.0063 2272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:50:02.0094 2272 IPMIDRV - ok
21:50:02.0126 2272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:50:02.0172 2272 IPNAT - ok
21:50:02.0204 2272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:50:02.0250 2272 IRENUM - ok
21:50:02.0282 2272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:50:02.0297 2272 isapnp - ok
21:50:02.0328 2272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:50:02.0344 2272 iScsiPrt - ok
21:50:02.0375 2272 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
21:50:02.0406 2272 JMCR - ok
21:50:02.0469 2272 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys
21:50:02.0484 2272 JME - ok
21:50:02.0516 2272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:50:02.0531 2272 kbdclass - ok
21:50:02.0562 2272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:50:02.0609 2272 kbdhid - ok
21:50:02.0656 2272 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
21:50:02.0656 2272 kbfiltr - ok
21:50:02.0672 2272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:50:02.0687 2272 KeyIso - ok
21:50:02.0718 2272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:50:02.0750 2272 KSecDD - ok
21:50:02.0781 2272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:50:02.0796 2272 KSecPkg - ok
21:50:02.0843 2272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:50:02.0921 2272 ksthunk - ok
21:50:02.0968 2272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:50:03.0030 2272 KtmRm - ok
21:50:03.0093 2272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:50:03.0171 2272 LanmanServer - ok
21:50:03.0218 2272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:50:03.0264 2272 LanmanWorkstation - ok
21:50:03.0296 2272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:50:03.0342 2272 lltdio - ok
21:50:03.0374 2272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:50:03.0452 2272 lltdsvc - ok
21:50:03.0467 2272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:50:03.0514 2272 lmhosts - ok
21:50:03.0561 2272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:50:03.0576 2272 LSI_FC - ok
21:50:03.0608 2272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:50:03.0623 2272 LSI_SAS - ok
21:50:03.0639 2272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:50:03.0639 2272 LSI_SAS2 - ok
21:50:03.0654 2272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:50:03.0670 2272 LSI_SCSI - ok
21:50:03.0717 2272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:50:03.0795 2272 luafv - ok
21:50:03.0826 2272 lxcg_device - ok
21:50:03.0857 2272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:50:03.0904 2272 Mcx2Svc - ok
21:50:03.0935 2272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:50:03.0951 2272 megasas - ok
21:50:03.0966 2272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:50:03.0998 2272 MegaSR - ok
21:50:04.0013 2272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:50:04.0091 2272 MMCSS - ok
21:50:04.0107 2272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:50:04.0185 2272 Modem - ok
21:50:04.0216 2272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:50:04.0232 2272 monitor - ok
21:50:04.0247 2272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:50:04.0263 2272 mouclass - ok
21:50:04.0278 2272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:50:04.0310 2272 mouhid - ok
21:50:04.0341 2272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:50:04.0356 2272 mountmgr - ok
21:50:04.0372 2272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:50:04.0388 2272 mpio - ok
21:50:04.0403 2272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:50:04.0450 2272 mpsdrv - ok
21:50:04.0512 2272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:50:04.0590 2272 MpsSvc - ok
21:50:04.0606 2272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:50:04.0637 2272 MRxDAV - ok
21:50:04.0700 2272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:04.0731 2272 mrxsmb - ok
21:50:04.0793 2272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:04.0840 2272 mrxsmb10 - ok
21:50:04.0856 2272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:04.0887 2272 mrxsmb20 - ok
21:50:04.0918 2272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:50:04.0934 2272 msahci - ok
21:50:04.0965 2272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:50:04.0980 2272 msdsm - ok
21:50:04.0996 2272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:50:05.0027 2272 MSDTC - ok
21:50:05.0058 2272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:50:05.0121 2272 Msfs - ok
21:50:05.0152 2272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:50:05.0199 2272 mshidkmdf - ok
21:50:05.0230 2272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:50:05.0246 2272 msisadrv - ok
21:50:05.0277 2272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:50:05.0324 2272 MSiSCSI - ok
21:50:05.0324 2272 msiserver - ok
21:50:05.0370 2272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:50:05.0448 2272 MSKSSRV - ok
21:50:05.0464 2272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:05.0526 2272 MSPCLOCK - ok
21:50:05.0542 2272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:50:05.0589 2272 MSPQM - ok
21:50:05.0620 2272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:50:05.0636 2272 MsRPC - ok
21:50:05.0714 2272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:50:05.0745 2272 mssmbios - ok
21:50:05.0776 2272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:50:05.0838 2272 MSTEE - ok
21:50:05.0854 2272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:50:05.0901 2272 MTConfig - ok
21:50:05.0948 2272 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:50:05.0948 2272 MTsensor - ok
21:50:05.0979 2272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:50:05.0994 2272 Mup - ok
21:50:06.0026 2272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:50:06.0088 2272 napagent - ok
21:50:06.0135 2272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:50:06.0182 2272 NativeWifiP - ok
21:50:06.0228 2272 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:50:06.0260 2272 NDIS - ok
21:50:06.0291 2272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:06.0338 2272 NdisCap - ok
21:50:06.0369 2272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:06.0416 2272 NdisTapi - ok
21:50:06.0462 2272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:06.0525 2272 Ndisuio - ok
21:50:06.0556 2272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:06.0618 2272 NdisWan - ok
21:50:06.0665 2272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:50:06.0696 2272 NDProxy - ok
21:50:06.0743 2272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:50:06.0821 2272 NetBIOS - ok
21:50:06.0852 2272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:50:06.0899 2272 NetBT - ok
21:50:06.0930 2272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:50:06.0946 2272 Netlogon - ok
21:50:06.0977 2272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:50:07.0040 2272 Netman - ok
21:50:07.0055 2272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:50:07.0118 2272 netprofm - ok
21:50:07.0149 2272 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:07.0164 2272 NetTcpPortSharing - ok
21:50:07.0196 2272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:50:07.0211 2272 nfrd960 - ok
21:50:07.0258 2272 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:50:07.0320 2272 NlaSvc - ok
21:50:07.0352 2272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:50:07.0383 2272 Npfs - ok
21:50:07.0414 2272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:50:07.0461 2272 nsi - ok
21:50:07.0476 2272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:50:07.0523 2272 nsiproxy - ok
21:50:07.0601 2272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:50:07.0695 2272 Ntfs - ok
21:50:07.0710 2272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:50:07.0788 2272 Null - ok
21:50:07.0835 2272 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:50:07.0882 2272 nvraid - ok
21:50:07.0882 2272 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:50:07.0898 2272 nvstor - ok
21:50:07.0929 2272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:50:07.0944 2272 nv_agp - ok
21:50:07.0960 2272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:50:07.0991 2272 ohci1394 - ok
21:50:08.0022 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:50:08.0038 2272 p2pimsvc - ok
21:50:08.0085 2272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:50:08.0116 2272 p2psvc - ok
21:50:08.0132 2272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:50:08.0163 2272 Parport - ok
21:50:08.0194 2272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:50:08.0210 2272 partmgr - ok
21:50:08.0225 2272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:50:08.0256 2272 PcaSvc - ok
21:50:08.0288 2272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:50:08.0303 2272 pci - ok
21:50:08.0303 2272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:50:08.0319 2272 pciide - ok
21:50:08.0350 2272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:50:08.0366 2272 pcmcia - ok
21:50:08.0397 2272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:50:08.0397 2272 pcw - ok
21:50:08.0428 2272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:50:08.0490 2272 PEAUTH - ok
21:50:08.0568 2272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:50:08.0615 2272 PerfHost - ok
21:50:08.0709 2272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:50:08.0802 2272 pla - ok
21:50:08.0834 2272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:50:08.0865 2272 PlugPlay - ok
21:50:08.0896 2272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:50:08.0927 2272 PNRPAutoReg - ok
21:50:08.0943 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:50:08.0958 2272 PNRPsvc - ok
21:50:09.0005 2272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:50:09.0068 2272 PolicyAgent - ok
21:50:09.0099 2272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:50:09.0177 2272 Power - ok
21:50:09.0208 2272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:50:09.0286 2272 PptpMiniport - ok
21:50:09.0302 2272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:50:09.0333 2272 Processor - ok
21:50:09.0380 2272 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
21:50:09.0426 2272 ProfSvc - ok
21:50:09.0442 2272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:50:09.0458 2272 ProtectedStorage - ok
21:50:09.0489 2272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:50:09.0536 2272 Psched - ok
21:50:09.0614 2272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:50:09.0676 2272 ql2300 - ok
21:50:09.0676 2272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:50:09.0692 2272 ql40xx - ok
21:50:09.0723 2272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:50:09.0754 2272 QWAVE - ok
21:50:09.0770 2272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:50:09.0801 2272 QWAVEdrv - ok
21:50:09.0816 2272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:50:09.0879 2272 RasAcd - ok
21:50:09.0910 2272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:09.0941 2272 RasAgileVpn - ok
21:50:09.0988 2272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:50:10.0066 2272 RasAuto - ok
21:50:10.0097 2272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:10.0144 2272 Rasl2tp - ok
21:50:10.0160 2272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:50:10.0222 2272 RasMan - ok
21:50:10.0253 2272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:10.0316 2272 RasPppoe - ok
21:50:10.0347 2272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:50:10.0394 2272 RasSstp - ok
21:50:10.0440 2272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:50:10.0518 2272 rdbss - ok
21:50:10.0534 2272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:50:10.0565 2272 rdpbus - ok
21:50:10.0596 2272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:10.0659 2272 RDPCDD - ok
21:50:10.0674 2272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:50:10.0752 2272 RDPENCDD - ok
21:50:10.0768 2272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:50:10.0815 2272 RDPREFMP - ok
21:50:10.0846 2272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:50:10.0893 2272 RDPWD - ok
21:50:10.0940 2272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:50:10.0955 2272 rdyboost - ok
21:50:10.0986 2272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:50:11.0033 2272 RemoteAccess - ok
21:50:11.0064 2272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:50:11.0111 2272 RemoteRegistry - ok
21:50:11.0111 2272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:50:11.0174 2272 RpcEptMapper - ok
21:50:11.0205 2272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:50:11.0252 2272 RpcLocator - ok
21:50:11.0267 2272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:50:11.0314 2272 RpcSs - ok
21:50:11.0345 2272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:50:11.0392 2272 rspndr - ok
21:50:11.0423 2272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:50:11.0423 2272 SamSs - ok
21:50:11.0454 2272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:50:11.0470 2272 sbp2port - ok
21:50:11.0517 2272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:50:11.0564 2272 SCardSvr - ok
21:50:11.0610 2272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:50:11.0704 2272 scfilter - ok
21:50:11.0751 2272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:50:11.0844 2272 Schedule - ok
21:50:11.0876 2272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:50:11.0907 2272 SCPolicySvc - ok
21:50:11.0954 2272 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:50:11.0969 2272 sdbus - ok
21:50:12.0000 2272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:50:12.0032 2272 SDRSVC - ok
21:50:12.0063 2272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:50:12.0110 2272 secdrv - ok
21:50:12.0156 2272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:50:12.0219 2272 seclogon - ok
21:50:12.0250 2272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:50:12.0297 2272 SENS - ok
21:50:12.0328 2272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:50:12.0344 2272 SensrSvc - ok
21:50:12.0375 2272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:50:12.0406 2272 Serenum - ok
21:50:12.0437 2272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:50:12.0453 2272 Serial - ok
21:50:12.0484 2272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:50:12.0515 2272 sermouse - ok
21:50:12.0562 2272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:50:12.0640 2272 SessionEnv - ok
21:50:12.0656 2272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:50:12.0703 2272 sffdisk - ok
21:50:12.0718 2272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:50:12.0749 2272 sffp_mmc - ok
21:50:12.0749 2272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:50:12.0781 2272 sffp_sd - ok
21:50:12.0812 2272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:50:12.0843 2272 sfloppy - ok
21:50:12.0890 2272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:50:12.0968 2272 SharedAccess - ok
21:50:12.0999 2272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:50:13.0093 2272 ShellHWDetection - ok
21:50:13.0124 2272 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
21:50:13.0139 2272 SiSGbeLH - ok
21:50:13.0171 2272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:50:13.0171 2272 SiSRaid2 - ok
21:50:13.0202 2272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:50:13.0217 2272 SiSRaid4 - ok
21:50:13.0233 2272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:50:13.0264 2272 Smb - ok
21:50:13.0295 2272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:50:13.0342 2272 SNMPTRAP - ok
21:50:13.0436 2272 [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
21:50:13.0545 2272 SNP2UVC - ok
21:50:13.0576 2272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:50:13.0576 2272 spldr - ok
21:50:13.0623 2272 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
21:50:13.0685 2272 Spooler - ok
21:50:13.0810 2272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:50:13.0997 2272 sppsvc - ok
21:50:14.0029 2272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:50:14.0091 2272 sppuinotify - ok
21:50:14.0122 2272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:50:14.0153 2272 srv - ok
21:50:14.0185 2272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:50:14.0216 2272 srv2 - ok
21:50:14.0231 2272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:50:14.0263 2272 srvnet - ok
21:50:14.0294 2272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:50:14.0356 2272 SSDPSRV - ok
21:50:14.0372 2272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:50:14.0419 2272 SstpSvc - ok
21:50:14.0450 2272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:50:14.0465 2272 stexstor - ok
21:50:14.0528 2272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:50:14.0590 2272 stisvc - ok
21:50:14.0606 2272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:50:14.0621 2272 swenum - ok
21:50:14.0668 2272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:50:14.0731 2272 swprv - ok
21:50:14.0793 2272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:50:14.0887 2272 SysMain - ok
21:50:14.0933 2272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:50:14.0965 2272 TabletInputService - ok
21:50:14.0996 2272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:50:15.0043 2272 TapiSrv - ok
21:50:15.0074 2272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:50:15.0105 2272 TBS - ok
21:50:15.0214 2272 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:50:15.0308 2272 Tcpip - ok
21:50:15.0370 2272 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:50:15.0417 2272 TCPIP6 - ok
21:50:15.0433 2272 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:50:15.0464 2272 tcpipreg - ok
21:50:15.0511 2272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:50:15.0526 2272 TDPIPE - ok
21:50:15.0557 2272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:50:15.0557 2272 TDTCP - ok
21:50:15.0589 2272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:50:15.0635 2272 tdx - ok
21:50:15.0667 2272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:50:15.0682 2272 TermDD - ok
21:50:15.0713 2272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:50:15.0776 2272 TermService - ok
21:50:15.0807 2272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:50:15.0838 2272 Themes - ok
21:50:15.0854 2272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:50:15.0901 2272 THREADORDER - ok
21:50:15.0916 2272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:50:15.0979 2272 TrkWks - ok
21:50:16.0041 2272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:50:16.0103 2272 TrustedInstaller - ok
21:50:16.0135 2272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:16.0213 2272 tssecsrv - ok
21:50:16.0259 2272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:50:16.0306 2272 TsUsbFlt - ok
21:50:16.0337 2272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:50:16.0400 2272 tunnel - ok
21:50:16.0447 2272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:50:16.0462 2272 uagp35 - ok
21:50:16.0493 2272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:50:16.0540 2272 udfs - ok
21:50:16.0587 2272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:50:16.0603 2272 UI0Detect - ok
21:50:16.0634 2272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:50:16.0634 2272 uliagpkx - ok
21:50:16.0665 2272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:50:16.0696 2272 umbus - ok
21:50:16.0727 2272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:50:16.0759 2272 UmPass - ok
21:50:16.0805 2272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:50:16.0883 2272 upnphost - ok
21:50:16.0915 2272 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:16.0946 2272 usbccgp - ok
21:50:16.0977 2272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:50:17.0008 2272 usbcir - ok
21:50:17.0039 2272 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:50:17.0055 2272 usbehci - ok
21:50:17.0102 2272 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
21:50:17.0133 2272 usbfilter - ok
21:50:17.0180 2272 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
21:50:17.0211 2272 usbhub - ok
21:50:17.0227 2272 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:50:17.0258 2272 usbohci - ok
21:50:17.0289 2272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:50:17.0320 2272 usbprint - ok
21:50:17.0351 2272 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:50:17.0383 2272 usbscan - ok
21:50:17.0414 2272 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:17.0445 2272 USBSTOR - ok
21:50:17.0461 2272 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:50:17.0476 2272 usbuhci - ok
21:50:17.0523 2272 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:50:17.0539 2272 usbvideo - ok
21:50:17.0570 2272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:50:17.0648 2272 UxSms - ok
21:50:17.0663 2272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:50:17.0679 2272 VaultSvc - ok
21:50:17.0710 2272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:50:17.0710 2272 vdrvroot - ok
21:50:17.0773 2272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:50:17.0851 2272 vds - ok
21:50:17.0882 2272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:17.0897 2272 vga - ok
21:50:17.0913 2272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:50:17.0991 2272 VgaSave - ok
21:50:18.0038 2272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:50:18.0053 2272 vhdmp - ok
21:50:18.0069 2272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:50:18.0085 2272 viaide - ok
21:50:18.0100 2272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:50:18.0116 2272 volmgr - ok
21:50:18.0147 2272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:50:18.0163 2272 volmgrx - ok
21:50:18.0194 2272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:50:18.0209 2272 volsnap - ok
21:50:18.0241 2272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:50:18.0256 2272 vsmraid - ok
21:50:18.0319 2272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:50:18.0428 2272 VSS - ok
21:50:18.0459 2272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:50:18.0475 2272 vwifibus - ok
21:50:18.0490 2272 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:50:18.0521 2272 vwififlt - ok
21:50:18.0568 2272 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:50:18.0631 2272 vwifimp - ok
21:50:18.0662 2272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:50:18.0693 2272 W32Time - ok
21:50:18.0724 2272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:50:18.0740 2272 WacomPen - ok
21:50:18.0787 2272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:50:18.0865 2272 WANARP - ok
21:50:18.0880 2272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:50:18.0911 2272 Wanarpv6 - ok
21:50:18.0989 2272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:50:19.0083 2272 wbengine - ok
21:50:19.0099 2272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:50:19.0130 2272 WbioSrvc - ok
21:50:19.0161 2272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:50:19.0192 2272 wcncsvc - ok
21:50:19.0208 2272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:50:19.0239 2272 WcsPlugInService - ok
21:50:19.0270 2272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:50:19.0286 2272 Wd - ok
21:50:19.0317 2272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:50:19.0333 2272 Wdf01000 - ok
21:50:19.0348 2272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:50:19.0379 2272 WdiServiceHost - ok
21:50:19.0395 2272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:50:19.0411 2272 WdiSystemHost - ok
21:50:19.0442 2272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:50:19.0457 2272 WebClient - ok
21:50:19.0473 2272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:50:19.0535 2272 Wecsvc - ok
21:50:19.0551 2272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:50:19.0582 2272 wercplsupport - ok
21:50:19.0598 2272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:50:19.0660 2272 WerSvc - ok
21:50:19.0691 2272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:19.0723 2272 WfpLwf - ok
21:50:19.0754 2272 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:50:19.0769 2272 WimFltr - ok
21:50:19.0801 2272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:50:19.0816 2272 WIMMount - ok
21:50:19.0879 2272 WinDefend - ok
21:50:19.0894 2272 WinHttpAutoProxySvc - ok
21:50:19.0957 2272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:50:20.0035 2272 Winmgmt - ok
21:50:20.0113 2272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:50:20.0269 2272 WinRM - ok
21:50:20.0315 2272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:50:20.0347 2272 WinUsb - ok
21:50:20.0393 2272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:50:20.0456 2272 Wlansvc - ok
21:50:20.0487 2272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:50:20.0503 2272 WmiAcpi - ok
21:50:20.0534 2272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:50:20.0565 2272 wmiApSrv - ok
21:50:20.0596 2272 WMPNetworkSvc - ok
21:50:20.0627 2272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:50:20.0643 2272 WPCSvc - ok
21:50:20.0674 2272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:50:20.0690 2272 WPDBusEnum - ok
21:50:20.0705 2272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:50:20.0752 2272 ws2ifsl - ok
21:50:20.0783 2272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:50:20.0799 2272 wscsvc - ok
21:50:20.0799 2272 WSearch - ok
21:50:20.0893 2272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:50:21.0002 2272 wuauserv - ok
21:50:21.0033 2272 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:50:21.0064 2272 WudfPf - ok
21:50:21.0095 2272 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:21.0127 2272 WUDFRd - ok
21:50:21.0158 2272 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:50:21.0189 2272 wudfsvc - ok
21:50:21.0220 2272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:50:21.0251 2272 WwanSvc - ok
21:50:21.0283 2272 ================ Scan global ===============================
21:50:21.0314 2272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:50:21.0345 2272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:50:21.0376 2272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:50:21.0407 2272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:50:21.0454 2272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:50:21.0454 2272 [Global] - ok
21:50:21.0470 2272 ================ Scan MBR ==================================
21:50:21.0485 2272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:50:21.0985 2272 \Device\Harddisk0\DR0 - ok
21:50:21.0985 2272 ================ Scan VBR ==================================
21:50:21.0985 2272 [ 5B032C9980C033EFBA2A1537C8987487 ] \Device\Harddisk0\DR0\Partition1
21:50:21.0985 2272 \Device\Harddisk0\DR0\Partition1 - ok
21:50:22.0016 2272 [ 49BAC3C9B725C2EB332B5A54D2CEA80B ] \Device\Harddisk0\DR0\Partition2
21:50:22.0016 2272 \Device\Harddisk0\DR0\Partition2 - ok
21:50:22.0016 2272 ============================================================
21:50:22.0016 2272 Scan finished
21:50:22.0016 2272 ============================================================
21:50:22.0031 4856 Detected object count: 0
21:50:22.0031 4856 Actual detected object count: 0
21:50:48.0770 4592 Deinitialize success
|
|
24.05.2013, 21:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystart JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Trojaner incredibar mystart |
|
25.05.2013, 10:18
| #7 |
| | Trojaner incredibar mystart Hallo, ich habe alle weiteren Schritte durchgeführt. Jetzt bin ich mir nicht sicher, ob ich diesen befolgt habe: "Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden." Aber es gab keine merkbaren Konflikte und hier sind meine Ergebnisse: JRT - Junkware Removal Tool: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Denise on 25.05.2013 at 10:20:39,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] ib updater
Successfully deleted: [Service] ib updater
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\extension.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonicdownloader_fuer_winrar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonicdownloader_fuer_winrar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-967FFF60.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Denise\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Denise\AppData\Roaming\opencandy"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2013 at 10:25:12,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 25/05/2013 um 10:32:42 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Denise - DENISE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Denise\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\IB Updater
Ordner Gelöscht : C:\Users\Denise\AppData\LocalLow\softonic-de3
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
*************************
AdwCleaner[S1].txt - [12287 octets] - [25/05/2013 10:32:42]
########## EOF - C:\AdwCleaner[S1].txt - [12348 octets] ##########
OTL.txt: Code:
ATTFilter OTL logfile created on: 25.05.2013 10:43:59 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denise\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,71% Memory free 7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 35,56 Gb Free Space | 47,72% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 75,93 Gb Free Space | 37,21% Space Free | Partition Type: NTFS Computer Name: DENISE-PC | User Name: Denise | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Denise\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (lxcg_device) -- C:\Windows\SysNative\lxcgcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcg_device) -- C:\Windows\SysWOW64\lxcgcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2790905983-3176231043-3707956291-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A65E77-2F7A-4D4B-973F-C4AD35E548A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.25 10:20:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.25 10:20:08 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.25 10:18:03 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Denise\Desktop\JRT.exe [2013.05.24 20:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.24 20:42:41 | 000,000,000 | ---D | C] -- C:\Users\Denise\Desktop\mbar-1.05.0.1001 [2013.05.24 20:40:52 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.24 20:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.05.24 20:33:27 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\tdsskiller.exe [2013.05.24 20:30:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Denise\Desktop\aswMBR.exe [2013.05.24 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\TeamViewer [2013.05.22 21:33:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe [2013.05.22 14:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.05.19 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Denise\Desktop\drucken [2013.05.15 22:05:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 22:05:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 22:05:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 22:05:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 22:05:04 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 22:05:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 22:05:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 22:05:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 22:05:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 22:05:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 22:05:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 22:05:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 22:05:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 22:05:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 22:05:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 15:11:36 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 15:11:36 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 15:11:27 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 15:11:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 15:11:26 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 15:11:26 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.07 15:12:17 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 21:24:02 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\dvdcss [2013.04.30 15:45:18 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.30 15:45:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.30 15:45:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.30 15:45:17 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.30 15:45:17 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.30 15:45:17 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.30 15:45:17 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.30 15:45:17 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.30 15:45:17 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.30 15:45:17 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.30 15:45:17 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.30 15:45:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.30 15:45:17 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.30 15:45:17 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.30 15:45:17 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.30 15:45:17 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.30 15:45:17 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.30 15:45:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.30 15:45:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.30 15:45:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.30 15:45:17 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.30 15:45:17 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.30 15:45:17 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.30 15:45:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.30 15:45:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.30 15:45:17 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.30 15:45:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.30 15:45:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.30 15:45:17 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.30 15:45:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.30 15:45:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.30 15:45:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.30 15:45:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.30 15:45:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.30 15:45:17 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.30 15:45:16 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.30 15:45:16 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.30 15:45:16 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.30 15:45:16 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.30 15:45:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.30 15:45:16 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.30 15:45:16 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.30 15:45:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.30 15:45:16 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.30 15:45:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.30 15:45:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.30 15:45:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.30 15:45:16 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.30 15:45:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.30 15:45:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.30 15:45:16 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.30 15:45:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.30 15:45:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.30 15:43:36 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.04.30 15:43:36 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.04.30 15:43:36 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.04.30 15:43:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.04.30 15:43:36 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.04.30 15:43:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.04.30 15:43:36 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.04.30 15:43:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.04.30 15:43:36 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.30 15:43:36 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.04.30 15:43:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.04.30 15:43:36 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.04.30 15:43:36 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.04.30 15:43:36 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.04.30 15:43:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.04.30 15:43:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.04.30 15:43:36 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.04.30 15:43:36 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.04.30 15:43:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.04.30 15:43:36 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.04.30 15:43:36 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.04.30 15:43:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.30 15:43:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.30 15:43:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.30 15:43:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.30 15:43:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.30 15:43:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.30 15:43:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.30 15:43:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.30 15:43:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.30 15:43:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.04.30 15:43:35 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.25 10:42:46 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.25 10:42:46 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.25 10:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.25 10:34:37 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2013.05.25 10:29:09 | 000,632,031 | ---- | M] () -- C:\Users\Denise\Desktop\adwcleaner.exe [2013.05.25 10:18:03 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Denise\Desktop\JRT.exe [2013.05.24 21:49:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.24 21:42:09 | 000,000,512 | ---- | M] () -- C:\Users\Denise\Desktop\MBR.dat [2013.05.24 20:33:28 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\tdsskiller.exe [2013.05.24 20:31:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Denise\Desktop\aswMBR.exe [2013.05.24 20:27:19 | 012,917,756 | ---- | M] () -- C:\Users\Denise\Desktop\mbar-1.05.0.1001.zip [2013.05.23 18:24:26 | 000,377,856 | ---- | M] () -- C:\Users\Denise\Desktop\gmer_2.1.19163.exe [2013.05.23 17:45:35 | 000,000,000 | ---- | M] () -- C:\Users\Denise\defogger_reenable [2013.05.23 17:43:23 | 000,050,477 | ---- | M] () -- C:\Users\Denise\Desktop\Defogger.exe [2013.05.23 17:26:42 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.23 17:26:42 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.23 17:26:42 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.23 17:26:42 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.23 17:26:42 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 21:33:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe [2013.05.22 21:00:26 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.16 07:16:22 | 000,293,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 20:49:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 20:49:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.07 15:12:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.30 15:45:18 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.04.30 15:45:18 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.30 15:45:18 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.04.30 15:45:17 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.30 15:45:17 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.04.30 15:45:17 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.04.30 15:45:17 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.04.30 15:45:17 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.30 15:45:17 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.04.30 15:45:17 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.04.30 15:45:17 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.30 15:45:17 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.04.30 15:45:17 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.04.30 15:45:17 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.30 15:45:17 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.30 15:45:17 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.30 15:45:17 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.04.30 15:45:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.04.30 15:45:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.04.30 15:45:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.04.30 15:45:17 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.04.30 15:45:17 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.30 15:45:17 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.04.30 15:45:17 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.04.30 15:45:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.04.30 15:45:17 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.04.30 15:45:17 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.30 15:45:17 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.30 15:45:17 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.04.30 15:45:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.04.30 15:45:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.04.30 15:45:17 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.04.30 15:45:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.04.30 15:45:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.30 15:45:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.30 15:45:17 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.04.30 15:45:17 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.04.30 15:45:16 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.30 15:45:16 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.30 15:45:16 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.30 15:45:16 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.04.30 15:45:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.04.30 15:45:16 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.04.30 15:45:16 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.30 15:45:16 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.30 15:45:16 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.04.30 15:45:16 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.30 15:45:16 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.04.30 15:45:16 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.04.30 15:45:16 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.04.30 15:45:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.04.30 15:45:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.04.30 15:45:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.04.30 15:45:16 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.04.30 15:45:16 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.04.30 15:43:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.04.30 15:43:36 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.04.30 15:43:36 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.04.30 15:43:36 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.04.30 15:43:36 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.04.30 15:43:36 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.04.30 15:43:36 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.04.30 15:43:36 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.04.30 15:43:36 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.30 15:43:36 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.04.30 15:43:36 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.04.30 15:43:36 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.04.30 15:43:36 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.04.30 15:43:36 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.04.30 15:43:36 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.04.30 15:43:36 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.04.30 15:43:36 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.04.30 15:43:36 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.04.30 15:43:36 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.04.30 15:43:36 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.04.30 15:43:36 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.04.30 15:43:36 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.30 15:43:36 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.30 15:43:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.30 15:43:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.30 15:43:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.30 15:43:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.30 15:43:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.30 15:43:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.30 15:43:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.30 15:43:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.30 15:43:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.30 15:43:35 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.04.30 15:43:35 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.25 10:29:09 | 000,632,031 | ---- | C] () -- C:\Users\Denise\Desktop\adwcleaner.exe [2013.05.24 21:42:09 | 000,000,512 | ---- | C] () -- C:\Users\Denise\Desktop\MBR.dat [2013.05.24 20:27:12 | 012,917,756 | ---- | C] () -- C:\Users\Denise\Desktop\mbar-1.05.0.1001.zip [2013.05.23 18:24:26 | 000,377,856 | ---- | C] () -- C:\Users\Denise\Desktop\gmer_2.1.19163.exe [2013.05.23 17:45:35 | 000,000,000 | ---- | C] () -- C:\Users\Denise\defogger_reenable [2013.05.23 17:43:22 | 000,050,477 | ---- | C] () -- C:\Users\Denise\Desktop\Defogger.exe [2013.05.22 15:15:12 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.04.30 16:46:07 | 000,001,427 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.30 15:45:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.04.30 15:45:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.12 13:59:21 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcginst.dll [2013.01.12 13:59:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgserv.dll [2013.01.12 13:59:20 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgusb1.dll [2013.01.12 13:59:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcghbn3.dll [2013.01.12 13:59:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomc.dll [2013.01.12 13:59:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpmui.dll [2013.01.12 13:59:20 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcglmpm.dll [2013.01.12 13:59:20 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcoms.exe [2013.01.12 13:59:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcomm.dll [2013.01.12 13:59:20 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcginpa.dll [2013.01.12 13:59:20 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgiesc.dll [2013.01.12 13:59:20 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgih.exe [2013.01.12 13:59:20 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcgcomx.dll [2013.01.12 13:59:20 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgcfg.exe [2013.01.12 13:59:20 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgppls.exe [2013.01.12 13:59:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgprox.dll [2013.01.12 13:59:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcgpplc.dll [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link [2012.01.29 16:41:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.29 22:47:20 | 000,006,144 | ---- | C] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.02 01:35:29 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.12.13 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DVDVideoSoft [2010.10.29 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\EeeStorageUploader [2010.11.18 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GrabPro [2010.11.18 16:47:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\OpenOffice.org [2012.01.17 20:22:36 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Orbit [2010.11.18 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\ProgSense [2010.10.29 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\SoftGrid Client [2013.05.24 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer [2010.10.29 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\temp [2010.10.28 21:34:32 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TP [2010.11.14 16:09:59 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\uTorrent [2012.01.05 13:18:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GrabPro ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 25.05.2013 10:43:59 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Denise\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,71% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 35,56 Gb Free Space | 47,72% Space Free | Partition Type: NTFS
Drive D: | 204,03 Gb Total Space | 75,93 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
Computer Name: DENISE-PC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18174A1A-EF90-4296-AE20-3AF596DC8396}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BE4B67D-E96E-4861-B060-4455552106B4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B742543-F83A-4948-AE08-C85FBE43C255}" = lport=445 | protocol=6 | dir=in | app=system |
"{3686BE5D-2DF3-4F2D-9657-BC353F8D5C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{373EAE0C-1B4A-472C-ADF2-41C2F518F146}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3FFAD635-0E69-41BD-BA88-096DD81BD88D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{429D8CB2-554C-4E36-B895-D06A2AEA2383}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{48E3DEB7-6D2F-469A-AEB1-9E5845B08400}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4E0BDF4E-9BD9-4EA6-B849-948FD92E5D19}" = rport=137 | protocol=17 | dir=out | app=system |
"{614A9280-FE3C-4696-B599-9DCB9AA48EF7}" = rport=138 | protocol=17 | dir=out | app=system |
"{6350FB49-556F-4E84-BC9B-11CB6BA994BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6EDF3188-F15E-43A1-BDD5-404E4C03C448}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F03F0E4-1CFE-4FE5-88F8-F5941E86D3F6}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{712AEE25-09D8-4A70-B36D-2FD0DF2915CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B4F7AD0-AD16-4980-99F4-4C771C77FF3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{85242B26-A63F-4A32-BEFC-DA1CC4BEEB3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{892A7EA5-BEBB-49DB-BD81-4701BD0DCBDA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D4BDB70-B34E-44FF-A381-B940FED0ED8C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9C94E852-91E5-4F89-B2AA-AF334EFDB00B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B8B85024-C4EE-4F93-AF87-5A0710E6B295}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9445947-8D43-4BB6-AC12-3F72C972D675}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAF19C97-D777-4A30-9081-3B9C721C3B02}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5BD8131-A3E6-48FE-BB13-30E6FC8F23C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5BEAEF9-4949-4CFB-A0BC-1EC14BDDE01F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E0EFAA8F-D9C1-4B7D-A461-C0D2B140634F}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE42DB6C-B13C-4BD3-8C15-7BA4E8471704}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B39164-44B3-46B8-A6F3-CA3C1E0CC033}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{05053403-AB05-4D3E-81EC-FD732533A0E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A5C7DC1-B9AA-4C2F-A94F-80EB8D33EA9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1447CEFE-3417-4659-95C8-A83B9EE9FF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1956FD72-4689-41C6-8984-1C5117406502}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1D8B9EA8-9E49-48D7-8B56-453435899E41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39FD0657-9EFA-46DA-92B8-AFD541ACC54D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
"{3A3A5475-780A-47D2-A6BE-D56E56E58B23}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
"{3B8E6950-2547-4A42-8C41-F0CEFCC5A741}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B9820F1-3912-4DC3-ACF4-F9D51D023421}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{4D59AF5E-30E6-4DAA-9782-6733D481DE68}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{57DB00FC-F75E-4F76-9902-70BC03928486}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6C6EB42D-7C61-478F-9F3C-88E7A3816F2B}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{6DE85FCF-331B-414C-8617-CE812F2D4DA8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{81F3CA2E-9921-45EC-8A88-94225661DEE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8343235E-85F3-4C41-A22A-B52A5ECCA685}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84EA5FAA-D1FB-45E2-B7CC-4F2AE0C8F20B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{85F04BE6-569E-4351-8D37-B8BBAF847DBA}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{94057536-ED69-4447-9524-E3148E2D23CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A102C8EA-D4FF-41CD-BB90-B537B733ACF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{A63D664A-2461-4F34-A9A4-BEFA77CCDA29}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE0BC919-6A29-4EE3-A4C5-FD3183461B1C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B54BDD99-9CE5-411B-84F6-81C3E64915B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D036280C-99CE-446F-9ACC-3794CDB39901}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{E94FCF5C-3059-42F8-94E3-DDB95060A6D0}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{EEAAADB8-3E6C-4621-A3EE-4B028EEF5102}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F9DD65F9-A33E-4D39-A385-992829EE9B4A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{06DB7C1E-AEF6-4495-8D49-3289D7FE9181}D:\programme\mozilla\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla\firefox.exe |
"TCP Query User{42E8CC67-7BFE-421B-9620-D6FF9C1931B8}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe |
"TCP Query User{94CB0552-B663-41CD-81AD-7785528350AE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{AEE0AAE9-7DBA-41C9-9179-7302BA3ACF7B}D:\programme\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\programme\skype\phone\skype.exe |
"TCP Query User{B89E6B99-D8B7-4470-BDB3-94DF2CC43515}D:\programme\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\programme\skype\phone\skype.exe |
"TCP Query User{C6A0C597-4FC5-43DB-BDA2-3994EB638172}D:\programme\mozilla\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla\firefox.exe |
"TCP Query User{CBFFE990-A6CB-47FC-90EC-4557641DBB19}D:\programme\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe |
"TCP Query User{EA375464-B19C-4210-8B83-56391237A797}D:\programme\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe |
"UDP Query User{3D65F03F-1EEE-4DFC-9388-89E91EAF2C13}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{55948577-B8E6-4A16-872C-E03510A64A59}D:\programme\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe |
"UDP Query User{74765467-5546-42D3-8F53-B703DA6B7A7F}D:\programme\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe |
"UDP Query User{960B1BED-B6E2-42CF-B608-7712B8B14AE5}D:\programme\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\programme\skype\phone\skype.exe |
"UDP Query User{BE29B5F5-8F8C-46E8-A6EA-34F02C444E58}D:\programme\mozilla\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla\firefox.exe |
"UDP Query User{EE163E9A-6C22-426D-844A-49DAB17C6A70}D:\programme\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\programme\skype\phone\skype.exe |
"UDP Query User{F2457A80-8C1A-41FE-8661-DA22E6A73B90}D:\programme\mozilla\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla\firefox.exe |
"UDP Query User{F709B87C-3970-4FF0-8BF8-F2A2E90A8AF8}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{266058E0-8FB1-8487-C833-3697A3484E01}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C42CA929-C55C-4435-F6B2-160C10FD301E}" = ATI Catalyst Install Manager
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Lexmark 2300 Series" = Lexmark 2300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{1BAAF2F6-C688-ACB4-89C3-3D0D074CE59F}" = CCC Help Russian
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CA575D0-4A39-13B7-C3F6-C12DCECB5BE4}" = CCC Help Finnish
"{2D12DFC6-4C5E-2734-5979-2D94798738F1}" = CCC Help Italian
"{33A51566-5216-B590-472F-D626C407E332}" = CCC Help Hungarian
"{38E5F2CE-F3B8-95C8-E2D2-E668ECF12FB3}" = CCC Help Greek
"{41B4578A-520D-375F-0702-51608CFDDA0F}" = CCC Help Norwegian
"{43233BDA-5837-0AA5-1624-4746516BCB01}" = CCC Help Dutch
"{44FAF589-DA07-039F-A7BF-09A846640A43}" = Catalyst Control Center Graphics Full Existing
"{47CB9C66-D023-34D2-98EB-541D05F89968}" = CCC Help Chinese Standard
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D409740-7A1C-52B4-D7E6-BB6C4F343140}" = CCC Help Spanish
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFDCD2E-1218-5101-747C-C9AA9443CB85}" = CCC Help Japanese
"{619D83DC-710E-203E-29EA-8318FB27C5E4}" = CCC Help Thai
"{6703F18D-12B3-7936-2DCA-5D50FD0E3235}" = CCC Help Polish
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6E08F573-FCF7-C933-5BC5-7B14FD5564E3}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC9FA44-609F-8D70-5CC3-9C6A1E59CA4D}" = Catalyst Control Center Graphics Light
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{840E2658-DBA1-9A75-7C36-6C6E3F67FAC0}" = ccc-core-static
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BDD86A7-B184-BB3F-222C-BD24871C0021}" = CCC Help Turkish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1ABB2D1-3A6C-8598-CCCC-684625F4D451}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B30B1C24-863A-B8D3-DB04-7037EE242486}" = CCC Help French
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B89F53E2-4461-16D4-66B5-285593D1BE07}" = CCC Help Chinese Traditional
"{BC3F09E3-E113-1856-855D-E90B073190D1}" = CCC Help Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE79D33C-6C74-2F72-2160-F0DB4C897B3D}" = Catalyst Control Center InstallProxy
"{C0A0FA0B-9C4C-1653-0A8D-5F1D92F38D16}" = CCC Help English
"{C9A00809-0A5A-39DD-C70F-B2CBDD4EA35A}" = Catalyst Control Center Graphics Previews Vista
"{D21D5B3B-0BCB-1809-5701-E59EFB4358E8}" = Catalyst Control Center Core Implementation
"{D619679A-64A9-4677-F2D9-BF2EB2746D61}" = CCC Help Portuguese
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEC9A274-AD86-3A16-4F17-22490EF597B4}" = CCC Help German
"{EF6ADCD6-C463-24C9-EEE0-6E07F5CC5182}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F99BB4A4-5C73-0E3B-59E4-41960860A26E}" = Catalyst Control Center Localization All
"{FF783F26-3A11-FD83-4B2E-7A7C423323C7}" = Catalyst Control Center Graphics Full New
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.05.2013 04:39:13 | Computer Name = Denise-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f68 Startzeit: 01ce592308a2e11b Endzeit: 16 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID:
< End of report >
|
|
26.05.2013, 17:51
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystart Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.05.2013, 20:31
| #9 |
| | Trojaner incredibar mystart Hallo, ich habe gerade einen Vollscan mit Malwarbytes Anti-Malware gemacht, dieser hat eine infizierte Datei gefunden, welche ich laut der Anleitung auch gelöscht habe. Sie ist jetzt laut Programm in der Quarantäne. Momentan befinden sich dort 4 Posten. Den Online Scan mit ESET Online Scanner habe ich jetzt erst mal noch nicht gemacht, weil ich ein ungutes Gefühl dabei habe mit einem infizierten Computer sowie deaktivierter Firewall + Antivirusprogramm eine Internetverbindung zu halten. Soll ich diesen trotzdem machen? Und noch eine Frage: Sollte ich auch vor diesem Scan mein Antivirusprogramm deaktivieren? Dieses hat nämlich zwei Warnungen angezeigt und mir empfohlen ich solle eine Systemprüfung machen. --> "Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert." Vollscan mit Malwarebytes Anti-Malware (MBAM) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Denise :: DENISE-PC [Administrator] Schutz: Aktiviert 26.05.2013 19:33:14 mbam-log-2013-05-26 (19-33-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 382223 Laufzeit: 1 Stunde(n), 24 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Denise\Downloads\flashplayer_update_11_de.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
26.05.2013, 22:00
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystartZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 15:29
| #11 |
| | Trojaner incredibar mystart Ok, hier ist die Log-Datei von dem ESET Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=58eefbbb6e11ea409783f3c94a8d85c7
# engine=13925
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-27 02:20:31
# local_time=2013-05-27 04:20:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 6158 115431051 0 0
# compatibility_mode=5893 16776573 100 94 163838 121294281 0 0
# scanned=157191
# found=0
# cleaned=0
# scan_time=5131
|
|
27.05.2013, 16:06
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystart Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.05.2013, 17:53
| #13 |
| | Trojaner incredibar mystart Vielen Dank! Nein, jetzt ist alles in Ordnung! Ich habe host file jetzt installiert, danke für den Tipp. Kann ich jetzt die Programme, die sich auf meinem Desktop angestaut haben alle löschen? (bei Malwarebytes sind auch noch vier Positionen in der Quarantäne). Vielleicht kannst du mir noch eine Frage beantworten. Bei meinem Akku blitzt seit einiger Zeit immer die Meldung auf, dass ich ihn auswechseln soll.... kann das mit den Sachen (malware?/ Trojaner?) zu tun haben, die wir in den letzten Tagen gelöscht haben? Und nicht, dass ich Gefahr laufe, dass es untergeht... noch mal ein herzliches  |
|
27.05.2013, 20:39
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner incredibar mystartZitat:
Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner incredibar mystart |
| ad-ons, adware/agent.635596.1, avira, ccleaner, computer, dateien, einträge, funde, gelöscht, gen/pwdzip, hinweis, hoffe, löschen, malware.trace, nicht löschen, pup.bundleinstaller.vg, pup.installbrain, pup.loadtubes, quarantäne, rechte, spybot, spyware, trojaner, trojaner incredibar mystart, würde |
Linear-Darstellung
