| Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Was my PC infected? (special attention to hacking) | Windows 7 |
|  24.06.2013, 21:26 | #1 | 
|  |   Was my PC infected? (special attention to hacking)

Hello dear forum, I am pretty much a layman when it comes to PC (protection), but I have noticed some strange things lately. These include weaker internet performance, programs opening by themselves (in particular songs playing without me doing anything), and characters suddenly being created in my online game that do not come from me. I have now run my antivirus program (Avira free version), but it found nothing. Since the problems persist, I am now turning to you professionals for help. Unfortunately, my PC will not let me install the programs Defogger and GMER, which I also still need help with.

Here is the first log from OTL:

OTL Logfile:
OTL Extras logfile created on: 24.06.2013 22:07:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mein\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,19 Gb Available Physical Memory | 76,60% Memory free
23,98 Gb Paging File | 21,07 Gb Available in Paging File | 87,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 142,38 Gb Free Space | 47,78% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,71 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MEIN-PC | User Name: Mein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CC3D56E-706B-4E42-9C8E-832C91E68C96}" = lport=445 | protocol=6 | dir=in | app=system | 
"{24987DB9-B78E-417E-B412-D9DD5665F979}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2F51E6BE-D9BB-46E9-9E9D-24AFA88D1B82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32B83E0C-0835-4059-803F-66D531242F1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33A43145-C34B-4285-B187-0370A3538F69}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BEA4F7A-A2CF-45EC-8375-5A75AB2B06EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B0D1A60-90B8-48D1-9014-2BB18E5926CE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5880DE47-EBC3-4041-AF9C-316C56C5241F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7101175C-D6F0-4132-AF44-2DE8DE6FD217}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D161DDB-F73C-4327-9BAA-6568FFDAEADE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7E68DC07-019C-4993-9885-75F6094E513D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CB8F222-D719-4F7B-875D-8EC0F7C005F5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8CBF27D1-1FB2-4D29-96D4-65A08A9D6254}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9195FE3F-95FC-41DB-B3A3-5A095E4D39F0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{937FC426-43C5-4F1D-998A-6949E817CEEE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AC9FE2D8-CDB5-4728-8BB5-1D767E95052F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B6C8F2F1-1997-4320-9E7D-603C21262482}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D43361D9-858C-4A43-AECF-F15C475BA78F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D6415D4D-A30A-482A-9E30-954F8ADEEB91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB2DF01C-7B2D-4981-A6AA-5BC19E8FD105}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F017E5E4-D417-430C-9A6E-D54D8AB1AEC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03937CD5-66C0-4448-857E-ADECAEB60339}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{0FC427F8-BAED-46E6-8BB7-E62BBF2D3654}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{1285D4A0-24A9-4CE3-819F-4B81EEC57D32}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{1493279B-9F89-4B37-8B15-BCB92D1A4800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1BFD7538-89D0-49A1-BEA7-B3FA2F5CB288}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{1C972998-E0F4-4FAD-9DE9-A0A3B44E78C4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2487414C-5C52-4F92-A3D3-AB34A39141A0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{255470C7-B500-47B7-826A-D96ACED5C2A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{358F895A-9FD0-4FB9-A2F8-ABE526DB3C37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the cursed crusade\tcc.exe | 
"{36399C71-1AA5-4339-A687-1DC32A6EFCEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{37B6AA1D-FC27-4D91-885B-F90FF76E29C3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{3C911122-D7CF-4F51-BCA3-CCE745CDBC68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40E0B30E-4ECD-4F76-B094-B26D1CE80ADF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{5316DE15-4813-4E9B-8148-CCD77D060AAE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{55546609-85B7-4DE9-998A-2E686EDDC5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5E12B451-0DD1-42EF-9CCA-48F4B9355E78}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{70602D63-8EEA-4ED4-ABF9-4111DBACB949}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{756319F2-6F9C-4FA2-A0F7-896AD22E0CEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75E81801-E5A6-4444-B04D-EE8897240567}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{7BDDA243-2ECE-4902-8826-694A4466D630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{7D66383D-9CD2-4A3E-8818-A1A8D8985852}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{84BBC85F-9567-451F-97B2-9581712484A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D71F842-C37F-42BC-9F53-74DF76A5A85F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{9104820B-CE10-4702-B86E-7D9F045553CC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{9269ED54-C274-4404-9CDA-BA1F5AF466C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{93C95A5A-8E7D-4A77-B38F-9C20A7174D92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{972B91DF-1D01-47B9-A631-9B0A473CDB15}" = protocol=6 | dir=out | app=system | 
"{9D8365DC-1FA8-43D1-874F-D3F488C7BA52}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{9F52864B-9079-493E-959D-545AC61C3DE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A3168B32-CB0F-4F0B-9580-520DD375F3EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{A4E112F5-5393-4664-A64C-B13965685B83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B23BCCCD-9706-4D81-B600-5CFD34322F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{B597E5D6-8FCA-4581-96E7-0D5B864E7B82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B6F574F0-1231-4D9E-B57B-CF87EF88AD2D}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{BD8234AD-F538-4DF4-B052-B0B94CBA9CF9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{BDA19D49-5D13-469D-B6BE-70A19AA1B2A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{C06C9F24-E8F6-41E5-B3EC-83ECAC93D207}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C2C027BA-102A-4FEE-A0AB-CD5F55739145}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3092F6F-2FB4-46E9-8F37-A5DBEB6FA092}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the cursed crusade\tcc.exe | 
"{C7922CE8-9ACF-432B-B5E6-8B01ED72FE9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C8171EB8-2BE6-44FC-B51B-BE57EC12CD34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA035C1F-C450-47B5-8DD0-7AD7B420088D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D0E322C6-0977-45DF-8447-15B3075FA7F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{D18D9CE6-865F-4C08-8B86-3FD09024BF4A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{D2FA3FF3-2FA8-4213-B16F-CDD6D17E29BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DA11906B-BDE6-4CF1-937F-02A4AA49113C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAED3E4F-F4C2-45EB-A6AE-E0B588CD1BD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DAFD14D3-97DD-4C53-BA6C-BFFA03F7C348}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2214069-5830-438A-868A-B05FD2F08768}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9779422-6676-4DDC-9C3F-69D3E526D005}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{EC6EBFF5-6C7E-4250-A4A9-582E71D7F93E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F475361E-E70D-4B50-A0FB-F4E9991C5035}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8FB14BF-8A85-44B0-9A72-D904809FF656}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9EB212A-CB05-4013-A9FC-E92B8F060D0F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"1ClickDownload" = FTDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"Guild Wars 2" = Guild Wars 2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"mv61xxDriver" = marvell 61xx
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PartyPoker" = PartyPoker
"Plus-HD-2.2" = Plus-HD-2.2
"PunkBusterSvc" = PunkBuster Services
"Steam App 106000" = The Cursed Crusade
"Steam App 21100" = F.E.A.R. 3
"Steam App 43110" = Metro 2033
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"TeamViewer 7" = TeamViewer 7
"Warcraft III" = Warcraft III
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2013 13:27:56 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: Plus-HD-2.2-bho.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x517e6933  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x09b5f422  ID des fehlerhaften Prozesses: 0x1428  Startzeit der fehlerhaften Anwendung:
 0x01ce6ea4a74d2ed6  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: Plus-HD-2.2-bho.dll  Berichtskennung:
 e882d650-da97-11e2-b9b1-c860008c47ce
 
Error - 22.06.2013 11:14:10 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003331f  ID des fehlerhaften
 Prozesses: 0xe18  Startzeit der fehlerhaften Anwendung: 0x01ce6f45b318711d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 630cf46a-db4e-11e2-b9b1-c860008c47ce
 
Error - 23.06.2013 07:26:13 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: Plus-HD-2.2-bho.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x517e6933  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x08b7f422  ID des fehlerhaften Prozesses: 0x3fa4  Startzeit der fehlerhaften Anwendung:
 0x01ce6ffeb839f699  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: Plus-HD-2.2-bho.dll  Berichtskennung:
 b56c588e-dbf7-11e2-b9b1-c860008c47ce
 
Error - 23.06.2013 13:22:49 | Computer Name = Mein-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.06.2013 18:46:08 | Computer Name = Mein-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 14:41:28 | Computer Name = Mein-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.06.2013 14:46:17 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x748be294  ID des fehlerhaften
 Prozesses: 0x2184  Startzeit der fehlerhaften Anwendung: 0x01ce710b190c70d5  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 59e9e4e4-dcfe-11e2-b07c-c860008c47ce
 
Error - 24.06.2013 14:53:02 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: Plus-HD-2.2-bho.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x517e6933  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x0864f422  ID des fehlerhaften Prozesses: 0x1c84  Startzeit der fehlerhaften Anwendung:
 0x01ce710ae1c69d35  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: Plus-HD-2.2-bho.dll  Berichtskennung:
 4b4b6fe2-dcff-11e2-b07c-c860008c47ce
 
Error - 24.06.2013 14:58:38 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x748be294  ID des fehlerhaften
 Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01ce710b405292fc  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1391c3ba-dd00-11e2-b07c-c860008c47ce
 
Error - 24.06.2013 15:04:00 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: Plus-HD-2.2-bho.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x517e6933  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x08f1f422  ID des fehlerhaften Prozesses: 0x1ca8  Startzeit der fehlerhaften Anwendung:
 0x01ce710d8f357744  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: Plus-HD-2.2-bho.dll  Berichtskennung:
 d37c88ee-dd00-11e2-b07c-c860008c47ce
 
Error - 24.06.2013 15:48:03 | Computer Name = Mein-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16618,
 Zeitstempel: 0x51b2f318  Name des fehlerhaften Moduls: Plus-HD-2.2-bho.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x517e6933  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x0775f422  ID des fehlerhaften Prozesses: 0x20f8  Startzeit der fehlerhaften Anwendung:
 0x01ce7113addce6f8  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: Plus-HD-2.2-bho.dll  Berichtskennung:
 fad6d04d-dd06-11e2-b07c-c860008c47ce
 
[ System Events ]
Error - 06.04.2013 03:16:13 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.04.2013 03:16:13 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 07.04.2013 03:20:04 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 07.04.2013 03:20:04 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 09.04.2013 13:57:42 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 09.04.2013 13:57:42 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 11.04.2013 06:04:37 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 11.04.2013 06:04:37 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12.04.2013 02:13:40 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12.04.2013 02:13:40 | Computer Name = Mein-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
Here is the second log (OTL.txt):
OTL Logfile:
Code:
OTL logfile created on: 24.06.2013 22:07:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mein\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 9,19 Gb Available Physical Memory | 76,60% Memory free
23,98 Gb Paging File | 21,07 Gb Available in Paging File | 87,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 142,38 Gb Free Space | 47,78% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,71 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 688,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MEIN-PC | User Name: Mein | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013.06.24 21:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mein\Desktop\OTL.exe
PRC - [2013.06.01 11:09:06 | 000,885,096 | ---- | M] (Plus HD) -- C:\program files (x86)\plus-hd-2.2\plus-hd-2.2-bg.exe
PRC - [2013.05.31 19:31:51 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Mein\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.05.31 19:31:51 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.09 12:58:03 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.05.09 12:58:01 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 07:04:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 07:04:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.08 16:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.26 17:03:56 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.08.24 13:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010.11.21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009.04.10 18:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013.05.17 15:27:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 15:26:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013.02.07 14:46:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.07 14:46:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.07 14:46:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.07 14:46:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.06 02:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.09 12:58:03 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.28 07:04:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 07:04:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.14 04:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.26 17:03:56 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.08.24 13:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.04.10 18:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.28 07:04:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 07:04:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 07:04:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.09.16 18:26:18 | 000,331,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2009.08.06 08:34:30 | 000,179,752 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.06 02:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=FA0BC860008C46B5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=FA0BC860008C46B5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 8F B9 0E 2A 83 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss_din2g&mntrId=FA0BC860008C46B5
IE - HKCU\..\SearchScopes\{3B3C64D6-F282-4669-82E2-27C9C6F3B94D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

[2013.06.01 11:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Plus-HD-2.2) - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Mein\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11E2AACF-0885-430E-B5E4-A08B6F374FED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80D60DF8-37BF-4AE0-957F-6E0D9B81CD52}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,766 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2001.11.16 02:05:00 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{54ffb3c8-98f3-11e1-82d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{54ffb3c8-98f3-11e1-82d8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2001.11.16 02:05:00 | 000,595,456 | R--- | M] (MAX DESIGN)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.24 21:53:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mein\Desktop\OTL.exe
[2013.06.24 21:49:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.23 13:53:28 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Roaming\Malwarebytes
[2013.06.23 13:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.23 13:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.23 13:53:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.23 13:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.23 12:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.23 12:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.23 12:48:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.06.23 12:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.06.23 12:46:14 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Local\Programs
[2013.06.01 11:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.06.01 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Roaming\WebCake
[2013.06.01 11:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.01 11:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.01 11:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.2
[2013.06.01 11:08:47 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Local\PutLockerDownloader
[2013.06.01 11:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTDownloader.com
[2013.06.01 11:04:00 | 000,000,000 | ---D | C] -- C:\Users\Mein\Local Settings
[2013.06.01 11:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.01 11:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.01 11:03:47 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.01 11:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.01 11:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.01 11:03:25 | 000,000,000 | ---D | C] -- C:\Users\Mein\AppData\Roaming\Babylon
[2013.06.01 11:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.24 21:54:41 | 000,001,607 | ---- | M] () -- C:\Users\Mein\Documents\Malware.rtf
[2013.06.24 21:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mein\Desktop\OTL.exe
[2013.06.24 21:49:12 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.06.24 20:50:31 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.06.24 20:48:38 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 20:48:38 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.24 20:40:53 | 000,001,192 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013.06.24 20:40:39 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013.06.24 20:40:36 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013.06.24 20:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.24 20:40:24 | 1066,745,854 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.23 13:53:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.23 12:48:49 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.18 09:24:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 09:24:17 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.12 21:53:11 | 000,608,025 | ---- | M] () -- C:\Users\Mein\Documents\WoWScrnShot_061213_212013.jpg
[2013.06.12 21:53:02 | 000,598,530 | ---- | M] () -- C:\Users\Mein\Documents\WoWScrnShot_061213_212309.jpg
[2013.06.10 09:02:24 | 426,279,110 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.01 11:08:40 | 000,000,870 | ---- | M] () -- C:\Users\Mein\Desktop\FTDownloader.lnk
[2013.05.28 02:41:26 | 000,000,919 | ---- | M] () -- C:\Users\Mein\Desktop\Wow - Verknüpfung.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.24 21:54:39 | 000,001,607 | ---- | C] () -- C:\Users\Mein\Documents\Malware.rtf
[2013.06.23 13:53:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.23 12:48:49 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.23 12:48:49 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.18 11:27:39 | 000,001,413 | ---- | C] () -- C:\Users\Mein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.06.18 09:24:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.18 09:24:17 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.12 21:53:04 | 000,608,025 | ---- | C] () -- C:\Users\Mein\Documents\WoWScrnShot_061213_212013.jpg
[2013.06.12 21:52:55 | 000,598,530 | ---- | C] () -- C:\Users\Mein\Documents\WoWScrnShot_061213_212309.jpg
[2013.06.01 11:09:42 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.06.01 11:09:08 | 000,001,192 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013.06.01 11:09:06 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013.06.01 11:09:04 | 000,001,196 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013.06.01 11:08:40 | 000,000,870 | ---- | C] () -- C:\Users\Mein\Desktop\FTDownloader.lnk
[2013.05.28 02:41:26 | 000,000,919 | ---- | C] () -- C:\Users\Mein\Desktop\Wow - Verknüpfung.lnk
[2012.08.27 11:35:13 | 000,025,597 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.08.27 08:08:47 | 000,000,092 | ---- | C] () -- C:\Users\Mein\AppData\Local\fusioncache.dat
[2012.08.26 17:08:56 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.26 17:03:57 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.26 17:03:56 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.26 17:03:56 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.08 12:14:09 | 000,044,356 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.08 12:12:06 | 000,031,064 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.05.08 12:12:06 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.05.08 12:12:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.01 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\Babylon [2012.08.26 07:13:27 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\Day 1 Studios [2012.10.11 20:23:25 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\Party [2012.09.03 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\TeamViewer [2013.06.24 21:03:41 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\TS3Client [2013.04.05 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\ts3overlay [2013.02.24 17:11:50 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\ts3overlay_hook_win64 [2013.06.06 07:18:41 | 000,000,000 | ---D | M] -- C:\Users\Mein\AppData\Roaming\WebCake ========== Purity Check ========== < End of report > Ich hoffe das hilft euch ein wenig dabei mir zu helfen, falls noch andere Daten von mir benötigt werden bitte ich euch mir bescheid zu sagen. Mfg, Schorsch | 
|  24.06.2013, 22:33 | #2 | 
| /// Helper Team        |   Uninstall Spybot. Then: Please download Malwarebytes Anti-Rootkit and save it to your desktop. 
 Do not start any other file in this folder without instructions from a helper. Then: Please download AdwCleaner to your desktop. | 
|  25.06.2013, 19:29 | #3 | 
|  |   Hello dear t'john, thanks in advance for your help. Unfortunately I have a problem with the Filepony site, because it won't let me download: as soon as I click the download link, it only refreshes the page but doesn't let me download or redirect me. Could you perhaps give me another site to download the programs from, or help me so that it works after all? __________________ Regards, Schorsch | 
|  26.06.2013, 09:57 | #4 | 
| /// Helper Team        |   Please try again. If necessary, with a different browser. | 
|  30.06.2013, 10:29 | #5 | 
|  |   Hello dear t'john, here is the log from Malwarebytes:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
Malwarebytes : Free Anti-Malware download
Database version: v2013.06.30.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Mein :: MEIN-PC [administrator]
30.06.2013 11:06:39
mbar-log-2013-06-30 (11-06-39).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 243422
Time elapsed: 6 minute(s), 42 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)
Here is the log from ADW-Cleaner: AdwCleaner Logfile: Code: 
# AdwCleaner v2.303 - Datei am 30/06/2013 um 11:18:05 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mein - MEIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mein\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : BrowserDefendert
Gestoppt & Gelöscht : DvmMDES
Gestoppt & Gelöscht : WebCake Desktop Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Mein\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Mein\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
Datei Gelöscht : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Plus-HD-2.2
Ordner Gelöscht : C:\Program Files (x86)\WebCake
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Mein\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Mein\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Mein\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Mein\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Mein\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Mein\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Mein\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Mein\AppData\Roaming\WebCake
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
I hope this gives you some insight into my problem; thanks again in advance for your help.
Regards, Schorsch
The ADW-Cleaner log I just posted does not match the one in the file...
The one just now was the one that opened after the restart.
Here is the requested log: AdwCleaner Logfile:
--- --- --- Regards, Schorsch | 
|  30.06.2013, 20:07 | #6 | 
| /// Helper Team        |   Please shut down your protection software to avoid possible conflicts. 
 Then: Please download TDSSKiller.exe and save this file to the desktop | 
|  01.07.2013, 13:08 | #7 | 
|  |   Hello T'john, here is the first requested log file: JRT Logfile: Code: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Mein on 01.07.2013 at 13:57:02,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 13:59:09,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is the second log file:
C:\Windows\System32\lltdsvc.dll 14:04:16.0349 12184 lltdsvc - ok 14:04:16.0365 12184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:04:16.0396 12184 lmhosts - ok 14:04:16.0427 12184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:04:16.0443 12184 LSI_FC - ok 14:04:16.0458 12184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:04:16.0474 12184 LSI_SAS - ok 14:04:16.0474 12184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:04:16.0490 12184 LSI_SAS2 - ok 14:04:16.0505 12184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:04:16.0521 12184 LSI_SCSI - ok 14:04:16.0536 12184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:04:16.0583 12184 luafv - ok 14:04:16.0614 12184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:04:16.0646 12184 Mcx2Svc - ok 14:04:16.0661 12184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 14:04:16.0677 12184 megasas - ok 14:04:16.0692 12184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 14:04:16.0724 12184 MegaSR - ok 14:04:16.0755 12184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:04:16.0802 12184 MMCSS - ok 14:04:16.0817 12184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:04:16.0864 12184 Modem - ok 14:04:16.0895 12184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:04:16.0911 12184 monitor - ok 14:04:16.0958 12184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:04:16.0958 12184 mouclass - ok 14:04:16.0989 12184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:04:17.0004 12184 mouhid - ok 14:04:17.0036 12184 [ 
32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:04:17.0051 12184 mountmgr - ok 14:04:17.0067 12184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:04:17.0067 12184 mpio - ok 14:04:17.0098 12184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:04:17.0114 12184 mpsdrv - ok 14:04:17.0145 12184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:04:17.0176 12184 MpsSvc - ok 14:04:17.0192 12184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:04:17.0223 12184 MRxDAV - ok 14:04:17.0254 12184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:04:17.0270 12184 mrxsmb - ok 14:04:17.0301 12184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:04:17.0316 12184 mrxsmb10 - ok 14:04:17.0348 12184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:04:17.0363 12184 mrxsmb20 - ok 14:04:17.0363 12184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:04:17.0379 12184 msahci - ok 14:04:17.0394 12184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:04:17.0410 12184 msdsm - ok 14:04:17.0410 12184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:04:17.0441 12184 MSDTC - ok 14:04:17.0472 12184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:04:17.0519 12184 Msfs - ok 14:04:17.0535 12184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:04:17.0566 12184 mshidkmdf - ok 14:04:17.0566 12184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:04:17.0582 12184 msisadrv - ok 14:04:17.0613 12184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:04:17.0644 12184 MSiSCSI - ok 
14:04:17.0644 12184 msiserver - ok 14:04:17.0660 12184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:04:17.0691 12184 MSKSSRV - ok 14:04:17.0722 12184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:04:17.0769 12184 MSPCLOCK - ok 14:04:17.0769 12184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:04:17.0816 12184 MSPQM - ok 14:04:17.0847 12184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:04:17.0862 12184 MsRPC - ok 14:04:17.0862 12184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:04:17.0878 12184 mssmbios - ok 14:04:17.0878 12184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:04:17.0909 12184 MSTEE - ok 14:04:17.0909 12184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 14:04:17.0925 12184 MTConfig - ok 14:04:17.0956 12184 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 14:04:17.0956 12184 MTsensor - ok 14:04:17.0972 12184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:04:17.0987 12184 Mup - ok 14:04:18.0003 12184 [ 734492E8BD4008D0EC54F86621A64D09 ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys 14:04:18.0018 12184 mv61xx - ok 14:04:18.0034 12184 [ 1CA758BC0DEAF35D21ECAACC30427527 ] mv64xx C:\Windows\system32\drivers\mv64xx.sys 14:04:18.0050 12184 mv64xx - ok 14:04:18.0065 12184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:04:18.0112 12184 napagent - ok 14:04:18.0159 12184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:04:18.0190 12184 NativeWifiP - ok 14:04:18.0252 12184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:04:18.0284 12184 NDIS - ok 14:04:18.0299 12184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 14:04:18.0330 12184 NdisCap - ok 14:04:18.0362 12184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:04:18.0377 12184 NdisTapi - ok 14:04:18.0408 12184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:04:18.0455 12184 Ndisuio - ok 14:04:18.0471 12184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:04:18.0533 12184 NdisWan - ok 14:04:18.0549 12184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:04:18.0580 12184 NDProxy - ok 14:04:18.0596 12184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:04:18.0642 12184 NetBIOS - ok 14:04:18.0658 12184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:04:18.0689 12184 NetBT - ok 14:04:18.0689 12184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:04:18.0705 12184 Netlogon - ok 14:04:18.0736 12184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:04:18.0783 12184 Netman - ok 14:04:18.0783 12184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:04:18.0814 12184 netprofm - ok 14:04:18.0845 12184 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:04:18.0861 12184 NetTcpPortSharing - ok 14:04:18.0876 12184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:04:18.0892 12184 nfrd960 - ok 14:04:18.0923 12184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:04:18.0954 12184 NlaSvc - ok 14:04:18.0970 12184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:04:18.0986 12184 Npfs - ok 14:04:19.0001 12184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:04:19.0017 
12184 nsi - ok 14:04:19.0032 12184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:04:19.0064 12184 nsiproxy - ok 14:04:19.0126 12184 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:04:19.0173 12184 Ntfs - ok 14:04:19.0188 12184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:04:19.0204 12184 Null - ok 14:04:19.0266 12184 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 14:04:19.0266 12184 NVHDA - ok 14:04:19.0485 12184 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:04:19.0625 12184 nvlddmkm - ok 14:04:19.0656 12184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:04:19.0672 12184 nvraid - ok 14:04:19.0688 12184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:04:19.0703 12184 nvstor - ok 14:04:19.0750 12184 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe 14:04:19.0781 12184 nvsvc - ok 14:04:19.0859 12184 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 14:04:19.0890 12184 nvUpdatusService - ok 14:04:19.0906 12184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:04:19.0922 12184 nv_agp - ok 14:04:19.0937 12184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:04:19.0953 12184 ohci1394 - ok 14:04:19.0984 12184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:04:20.0015 12184 p2pimsvc - ok 14:04:20.0046 12184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:04:20.0062 12184 p2psvc - ok 14:04:20.0078 12184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 14:04:20.0093 12184 Parport - ok 14:04:20.0124 12184 [ 
E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:04:20.0140 12184 partmgr - ok 14:04:20.0156 12184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:04:20.0187 12184 PcaSvc - ok 14:04:20.0202 12184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:04:20.0218 12184 pci - ok 14:04:20.0218 12184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:04:20.0218 12184 pciide - ok 14:04:20.0234 12184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:04:20.0249 12184 pcmcia - ok 14:04:20.0265 12184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:04:20.0280 12184 pcw - ok 14:04:20.0296 12184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:04:20.0358 12184 PEAUTH - ok 14:04:20.0405 12184 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:04:20.0468 12184 PeerDistSvc - ok 14:04:20.0530 12184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:04:20.0561 12184 PerfHost - ok 14:04:20.0608 12184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:04:20.0717 12184 pla - ok 14:04:20.0780 12184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:04:20.0811 12184 PlugPlay - ok 14:04:20.0826 12184 PnkBstrA - ok 14:04:20.0842 12184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:04:20.0858 12184 PNRPAutoReg - ok 14:04:20.0889 12184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:04:20.0904 12184 PNRPsvc - ok 14:04:20.0920 12184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:04:20.0998 12184 PolicyAgent - ok 14:04:21.0029 12184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:04:21.0060 12184 Power - ok 
14:04:21.0092 12184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:04:21.0138 12184 PptpMiniport - ok 14:04:21.0154 12184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 14:04:21.0185 12184 Processor - ok 14:04:21.0232 12184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:04:21.0263 12184 ProfSvc - ok 14:04:21.0279 12184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:04:21.0279 12184 ProtectedStorage - ok 14:04:21.0294 12184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:04:21.0341 12184 Psched - ok 14:04:21.0372 12184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:04:21.0435 12184 ql2300 - ok 14:04:21.0450 12184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:04:21.0466 12184 ql40xx - ok 14:04:21.0497 12184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:04:21.0513 12184 QWAVE - ok 14:04:21.0528 12184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:04:21.0544 12184 QWAVEdrv - ok 14:04:21.0544 12184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:04:21.0575 12184 RasAcd - ok 14:04:21.0606 12184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:04:21.0622 12184 RasAgileVpn - ok 14:04:21.0638 12184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:04:21.0684 12184 RasAuto - ok 14:04:21.0700 12184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:04:21.0747 12184 Rasl2tp - ok 14:04:21.0778 12184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:04:21.0825 12184 RasMan - ok 14:04:21.0840 12184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 14:04:21.0887 12184 RasPppoe - ok 14:04:21.0903 12184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:04:21.0934 12184 RasSstp - ok 14:04:21.0950 12184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:04:21.0996 12184 rdbss - ok 14:04:22.0012 12184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:04:22.0043 12184 rdpbus - ok 14:04:22.0059 12184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:04:22.0090 12184 RDPCDD - ok 14:04:22.0106 12184 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:04:22.0121 12184 RDPDR - ok 14:04:22.0152 12184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:04:22.0199 12184 RDPENCDD - ok 14:04:22.0215 12184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:04:22.0246 12184 RDPREFMP - ok 14:04:22.0277 12184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:04:22.0308 12184 RDPWD - ok 14:04:22.0340 12184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:04:22.0340 12184 rdyboost - ok 14:04:22.0371 12184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:04:22.0402 12184 RemoteAccess - ok 14:04:22.0418 12184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:04:22.0464 12184 RemoteRegistry - ok 14:04:22.0496 12184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:04:22.0527 12184 RpcEptMapper - ok 14:04:22.0558 12184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:04:22.0589 12184 RpcLocator - ok 14:04:22.0620 12184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:04:22.0652 12184 RpcSs - ok 14:04:22.0667 
12184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:04:22.0698 12184 rspndr - ok 14:04:22.0730 12184 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:04:22.0761 12184 RTL8167 - ok 14:04:22.0792 12184 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:04:22.0808 12184 s3cap - ok 14:04:22.0823 12184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:04:22.0839 12184 SamSs - ok 14:04:22.0854 12184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:04:22.0870 12184 sbp2port - ok 14:04:22.0870 12184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:04:22.0901 12184 SCardSvr - ok 14:04:22.0917 12184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:04:22.0948 12184 scfilter - ok 14:04:22.0995 12184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:04:23.0042 12184 Schedule - ok 14:04:23.0073 12184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:04:23.0088 12184 SCPolicySvc - ok 14:04:23.0104 12184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:04:23.0151 12184 SDRSVC - ok 14:04:23.0182 12184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:04:23.0229 12184 secdrv - ok 14:04:23.0244 12184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:04:23.0260 12184 seclogon - ok 14:04:23.0276 12184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:04:23.0307 12184 SENS - ok 14:04:23.0322 12184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:04:23.0338 12184 SensrSvc - ok 14:04:23.0369 12184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 14:04:23.0385 12184 Serenum - ok 
14:04:23.0400 12184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 14:04:23.0432 12184 Serial - ok 14:04:23.0463 12184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:04:23.0478 12184 sermouse - ok 14:04:23.0510 12184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:04:23.0541 12184 SessionEnv - ok 14:04:23.0572 12184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:04:23.0588 12184 sffdisk - ok 14:04:23.0588 12184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:04:23.0603 12184 sffp_mmc - ok 14:04:23.0634 12184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:04:23.0650 12184 sffp_sd - ok 14:04:23.0697 12184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:04:23.0728 12184 sfloppy - ok 14:04:23.0759 12184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:04:23.0806 12184 SharedAccess - ok 14:04:23.0837 12184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:04:23.0868 12184 ShellHWDetection - ok 14:04:23.0884 12184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:04:23.0900 12184 SiSRaid2 - ok 14:04:23.0915 12184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:04:23.0931 12184 SiSRaid4 - ok 14:04:24.0056 12184 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 14:04:24.0118 12184 Skype C2C Service - ok 14:04:24.0196 12184 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:04:24.0212 12184 SkypeUpdate - ok 14:04:24.0227 12184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:04:24.0258 12184 Smb - ok 
14:04:24.0290 12184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:04:24.0321 12184 SNMPTRAP - ok 14:04:24.0336 12184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:04:24.0352 12184 spldr - ok 14:04:24.0383 12184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:04:24.0399 12184 Spooler - ok 14:04:24.0461 12184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:04:24.0570 12184 sppsvc - ok 14:04:24.0586 12184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:04:24.0617 12184 sppuinotify - ok 14:04:24.0648 12184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:04:24.0680 12184 srv - ok 14:04:24.0711 12184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:04:24.0742 12184 srv2 - ok 14:04:24.0773 12184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:04:24.0773 12184 srvnet - ok 14:04:24.0789 12184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:04:24.0820 12184 SSDPSRV - ok 14:04:24.0836 12184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:04:24.0851 12184 SstpSvc - ok 14:04:24.0898 12184 Steam Client Service - ok 14:04:24.0976 12184 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:04:24.0992 12184 Stereo Service - ok 14:04:25.0007 12184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:04:25.0023 12184 stexstor - ok 14:04:25.0054 12184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:04:25.0116 12184 stisvc - ok 14:04:25.0148 12184 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:04:25.0148 12184 storflt - ok 14:04:25.0179 12184 [ 
C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 14:04:25.0210 12184 StorSvc - ok 14:04:25.0241 12184 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:04:25.0241 12184 storvsc - ok 14:04:25.0257 12184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:04:25.0272 12184 swenum - ok 14:04:25.0288 12184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:04:25.0319 12184 swprv - ok 14:04:25.0350 12184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:04:25.0413 12184 SysMain - ok 14:04:25.0428 12184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:04:25.0475 12184 TabletInputService - ok 14:04:25.0506 12184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:04:25.0569 12184 TapiSrv - ok 14:04:25.0600 12184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:04:25.0616 12184 TBS - ok 14:04:25.0678 12184 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:04:25.0725 12184 Tcpip - ok 14:04:25.0787 12184 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:04:25.0818 12184 TCPIP6 - ok 14:04:25.0850 12184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:04:25.0865 12184 tcpipreg - ok 14:04:25.0865 12184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:04:25.0896 12184 TDPIPE - ok 14:04:25.0928 12184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:04:25.0943 12184 TDTCP - ok 14:04:25.0974 12184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:04:26.0006 12184 tdx - ok 14:04:26.0099 12184 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 14:04:26.0130 12184 
TeamViewer7 - ok 14:04:26.0146 12184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:04:26.0162 12184 TermDD - ok 14:04:26.0193 12184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:04:26.0240 12184 TermService - ok 14:04:26.0271 12184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:04:26.0286 12184 Themes - ok 14:04:26.0286 12184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:04:26.0318 12184 THREADORDER - ok 14:04:26.0333 12184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:04:26.0380 12184 TrkWks - ok 14:04:26.0427 12184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:04:26.0442 12184 TrustedInstaller - ok 14:04:26.0458 12184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:04:26.0505 12184 tssecsrv - ok 14:04:26.0536 12184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:04:26.0552 12184 TsUsbFlt - ok 14:04:26.0552 12184 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:04:26.0583 12184 TsUsbGD - ok 14:04:26.0614 12184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:04:26.0661 12184 tunnel - ok 14:04:26.0676 12184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:04:26.0692 12184 uagp35 - ok 14:04:26.0708 12184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:04:26.0754 12184 udfs - ok 14:04:26.0786 12184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:04:26.0817 12184 UI0Detect - ok 14:04:26.0848 12184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:04:26.0864 12184 uliagpkx - ok 14:04:26.0895 12184 [ DC54A574663A895C8763AF0FA1FF7561 ] 
umbus C:\Windows\system32\DRIVERS\umbus.sys 14:04:26.0926 12184 umbus - ok 14:04:26.0942 12184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 14:04:26.0973 12184 UmPass - ok 14:04:27.0004 12184 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 14:04:27.0035 12184 UmRdpService - ok 14:04:27.0066 12184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:04:27.0113 12184 upnphost - ok 14:04:27.0129 12184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:04:27.0144 12184 usbccgp - ok 14:04:27.0160 12184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:04:27.0176 12184 usbcir - ok 14:04:27.0191 12184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:04:27.0207 12184 usbehci - ok 14:04:27.0254 12184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:04:27.0300 12184 usbhub - ok 14:04:27.0332 12184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:04:27.0363 12184 usbohci - ok 14:04:27.0378 12184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:04:27.0410 12184 usbprint - ok 14:04:27.0441 12184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 14:04:27.0472 12184 USBSTOR - ok 14:04:27.0488 12184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:04:27.0519 12184 usbuhci - ok 14:04:27.0534 12184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:04:27.0566 12184 UxSms - ok 14:04:27.0597 12184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:04:27.0597 12184 VaultSvc - ok 14:04:27.0628 12184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:04:27.0628 12184 vdrvroot - ok 14:04:27.0659 12184 [ 
14:04:30.0436 12184 Scan finished
14:04:30.0452 12140 Detected object count: 0
14:04:30.0452 12140 Actual detected object count: 0
I hope that helps you a little. Regards, schorsch | 
|  02.07.2013, 14:24 | #8 | 
| /// Helper Team        |   Everything looks good. ESET Online Scanner 
 then: Please download SecurityCheck and: 
 | 
|  07.07.2013, 20:14 | #9 | 
|  |   Hello T'John, here is the first log:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4f856885bdbe6d45bc08e15fce488ab0
# engine=14307
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-07 06:35:04
# local_time=2013-07-07 08:35:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 11294 143893409 4082 0
# compatibility_mode=5893 16776574 100 94 70627881 124851954 0 0
# scanned=234208
# found=7
# cleaned=0
# scan_time=7731
sh=A96144C1D980B72EF71A99C7C6C022221504E407 ft=1 fh=2c0a91bc9d493f2d vn="multiple threats" ac=I fn="C:\Users\Mein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\71M87EBU\WebCakesetup[1].exe"
sh=C903A3D517350C6A68DA45980D4B5D1BA805FDB4 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Mein\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\42RZCIQP\join_sexdollbuy_xxx[2].htm"
sh=8B2D5D03121F1CEF583DC5547A74808EC3AABCC9 ft=1 fh=5816e48e95d2682b vn="multiple threats" ac=I fn="C:\Users\Mein\AppData\Local\Temp\is357113909\LyricsFinder.exe"
sh=36236951F6CE17CE5038C765631714B0E680D4C5 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Mein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1a083e4f-1c3aca2a"
sh=80AB596B8D1D79B5747538E955F725E97A75B814 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Mein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7688453-216d07b8"
sh=36236951F6CE17CE5038C765631714B0E680D4C5 ft=0 fh=0000000000000000 vn="probably a variant of Java/Exploit.Agent.NMS trojan" ac=I fn="C:\Users\Mein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\3c33c06e-2317b5c9"
sh=4B028205B22A86D5A6F7282E1810F5CB79DC62FA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Mein\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1e2fe777-4697867c"
Here is the second text document:
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Regards, Schorsch | 
|  08.07.2013, 04:11 | #10 | 
| /// Helper Team        |   Fix with OTL 
 Code: 
:OTL
:Files
C:\Users\Mein\AppData\Local\Temp\is357113909\LyricsFinder.exe
:Commands
[emptytemp]
         
 | 
|  08.07.2013, 10:15 | #11 | 
|  |   Hello T'John, here is the requested log:
All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Mein\AppData\Local\Temp\is357113909\LyricsFinder.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mein
->Temp folder emptied: 45415430 bytes
->Temporary Internet Files folder emptied: 6654924674 bytes
->Java cache emptied: 5154775 bytes
->Google Chrome cache emptied: 371117270 bytes
->Flash cache emptied: 506 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245522168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310825 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7.023,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07082013_110753
Files\Folders moved on Reboot...
C:\Users\Mein\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mein\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Regards, schorsch | 
|  08.07.2013, 17:42 | #12 | 
| /// Helper Team        |   Very good! With that you are clean and discharged! Tool cleanup: The order is crucial here. 
 Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? | 
|  15.07.2013, 15:29 | #13 | 
|  |   Hello dear T'John, thank you very much for your help. If any problem remains, I will get in touch. Regards, schorsch | 
|  15.07.2013, 17:21 | #14 | 
| /// Helper Team        |   All right. Wishing you a virus-free time.   | 