Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Incredibar entfernen (https://www.trojaner-board.de/117333-incredibar-entfernen.html)

TimKnopf 14.06.2012 16:41
Incredibar entfernen
 
Hallo,

ich habe mir vorgestern das Spiel "Freeciv" bei "softonic" runtergeladen. Direkt danach hatte sich ohne mein Zutun die Toolbar mit Namen "Incredibar" installiert und meine Startseite bei Firefox (und auch Internet Explorer, den ich aber nicht nutze) in MyStart by IncrediBar.com umgeändert.

Die Toolbar ließ sich ausblenden aber nicht entfernen. Die Startseite habe ich wieder auf "google.de" umstellen können. Auch die geladene "Freeciv" Datei habe ich wieder gelöscht.

Unmittelbare Symptome sind nun, dass der Rechner bzw. Browser langsamer sind. Es werden keine ungefragten Seiten mehr geöffnet wie es der Fall war als die erwähnte Startseite eingerichtet war. Jedesmal wenn ich Firefox neu öffne geht unten rechts ein „Fenster“ auf was mich warnt, dass eine Einstellung geändert wurde und ob ich die beibehalten will. Das tauchte das erste Mal auf nachdem ich die Startseite wieder in „Google“ geändert habe.

Das kam mir alles sehr spanisch vor, besonders weil der Rechner lansamer agiert. Da ich nicht sehr bewandert bin, will ich da jetzt auch nicht auf eigene Faust und mit Hilfe irgendwelcher Vorschläge bei "gutefrage.net" agieren.

Hier auch die gewünschten Scanergebnisse (ausser "Extra.txt.", die wurde irgendwie nicht erstellt). Auch konnte ich keine Dateien mit Namen "dds.txt" und "attach.txt" finden.

Ich hoffe ich habe das alles richtig befolgt. Ich habe wirklich keine Ahnung von solchen Foren wie deisem hier und bin ein wenig eingeschüchtert und verwirt von all den Anforderungen. Naja...Hoffnungsvoll grüßt Tim

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:51 on 14/06/2012 (Tim)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
OTL logfile created on: 14.06.2012 14:58:05 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Tim\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,22% Memory free
3,75 Gb Paging File | 3,09 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 53,74 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 232,88 Gb Total Space | 83,31 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.29 15:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.06.12 16:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions
[2012.06.12 16:48:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\ffxtlbr@incredibar.com
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2
[2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.06.12 16:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.1.10 (GTK+ client)
[2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2
[2012.06.12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Macromedia
[2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick
[2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2012.05.17 21:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 14:55:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 14:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 14:54:38 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 14:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 12:36:22 | 000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.05.17 21:22:10 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 12:35:56 | 000,302,592 | ---- | C] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:26:51 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.12 16:47:32 | 000,007,536 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2011.12.09 13:47:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.08 16:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,024,064 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 17:20:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: 2ojdblpe.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82A413C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82A7AD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8DC25000, 0x267978, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000047        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

cosinus 18.06.2012 11:45
Zitat:
ich habe mir vorgestern das Spiel "Freeciv" bei "softonic" runtergeladen.
Das ist auch immer wieder das gleiche. Ich hab hier schon so oft von Softonic gewarnt :balla:

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Code:
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
Wo sind die Logs von Malwarebytes?

TimKnopf 18.06.2012 14:52
Ertmal vielen Dank schonmal für die Antwort. Ja die Warnungen habe ich beim Stöbern in anderen Themen dann auch gesehen :stirn:.

Hier die Logs von Malwarebytes. Ich poste einfach mal alle. Den ersten Suchlauf hatte ich dummerweise abgebrochen. Da hatte er dann wie du siehst eine infizierte Datei gefunden. Die habe ich unter Quarantäne gestellt. War das falsch?

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

14.06.2012 11:39:20
mbam-log-2012-06-14 (11-39-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 78337
Laufzeit: 1 Stunde(n), 16 Minute(n), 43 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\Downloads\SoftonicDownloader_fuer_freeciv.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

16.06.2012 11:36:05
mbam-log-2012-06-16 (11-36-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297310
Laufzeit: 1 Stunde(n), 5 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Jedenfalls hat diese Incredibar meinen Browser noch im Griff. Leitet immer wieder ungefragt auf diese besagte "mystart.incredibar.com" und ist merklich langsamer.

cosinus 18.06.2012 15:36
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

TimKnopf 18.06.2012 16:52
Hier also die das neue OTL Log. In deiner Anleitung stand, dass als nächster Schritt nach dem QuickScan ich solle "OK" klicken. Ich konnte keinen OK Button finden. Hmm...

Code:
OTL logfile created on: 18.06.2012 17:16:06 - Run 3
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Tim\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 74,43% Memory free
3,75 Gb Paging File | 3,17 Gb Available in Paging File | 84,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 53,31 Gb Free Space | 35,79% Space Free | Partition Type: NTFS
Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.29 15:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01  [binary data]
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.06.16 15:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions
[2012.06.16 13:33:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\firefox@ghostery.com
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.06.16 13:44:13 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.16 15:07:14 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: feedreader.exe - hkey= - key= - C:\Program Files\FeedReader30\feedreader.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2
[2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2
[2012.06.12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Macromedia
[2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick
[2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 16:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:27:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 15:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 15:24:25 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 12:36:22 | 000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 12:35:56 | 000,302,592 | ---- | C] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:26:51 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.12 16:47:32 | 000,007,536 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2011.12.09 13:47:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.08 16:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,024,820 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.01.10 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Adobe
[2012.05.07 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Apple Computer
[2011.12.08 16:54:31 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ATI
[2012.05.29 21:34:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DVD Flick
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2011.12.07 13:21:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Identities
[2011.12.08 07:08:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Macromedia
[2012.06.14 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Media Center Programs
[2012.02.23 18:02:45 | 000,000,000 | --SD | M] -- C:\Users\Tim\AppData\Roaming\Microsoft
[2011.12.07 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mozilla
[2012.06.18 17:14:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Skype
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2012.06.02 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\vlc
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
[2011.12.08 16:48:07 | 000,010,134 | R--- | M] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2012.05.06 16:54:21 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Tim\AppData\Roaming\Spotify\spotify.exe
[2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus 18.06.2012 20:57
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

TimKnopf 18.06.2012 22:03
So. Hier das Ergebnis des "Fix".

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" removed from keyword.URL
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml moved successfully.
C:\user.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tim
->Temp folder emptied: 191893 bytes
->Temporary Internet Files folder emptied: 27136185 bytes
->Java cache emptied: 41549 bytes
->FireFox cache emptied: 50452568 bytes
->Flash cache emptied: 2656 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143786801 bytes
RecycleBin emptied: 90135819 bytes
 
Total Files Cleaned = 297,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Tim
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_221658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Man bin ich gespannt.

cosinus 19.06.2012 07:20
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

TimKnopf 19.06.2012 09:11
Guten Morgen und hier der gewünschte Log...

Code:
09:59:35.0304 0204        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
09:59:35.0460 0204        ============================================================
09:59:35.0460 0204        Current date / time: 2012/06/19 09:59:35.0460
09:59:35.0460 0204        SystemInfo:
09:59:35.0460 0204       
09:59:35.0460 0204        OS Version: 6.1.7601 ServicePack: 1.0
09:59:35.0460 0204        Product type: Workstation
09:59:35.0460 0204        ComputerName: TIM-PC
09:59:35.0460 0204        UserName: Tim
09:59:35.0460 0204        Windows directory: C:\Windows
09:59:35.0460 0204        System windows directory: C:\Windows
09:59:35.0460 0204        Processor architecture: Intel x86
09:59:35.0460 0204        Number of processors: 2
09:59:35.0460 0204        Page size: 0x1000
09:59:35.0460 0204        Boot type: Normal boot
09:59:35.0460 0204        ============================================================
09:59:38.0034 0204        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:59:38.0034 0204        ============================================================
09:59:38.0034 0204        \Device\Harddisk0\DR0:
09:59:38.0034 0204        MBR partitions:
09:59:38.0034 0204        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:59:38.0034 0204        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
09:59:38.0034 0204        ============================================================
09:59:38.0050 0204        C: <-> \Device\Harddisk0\DR0\Partition1
09:59:38.0050 0204        ============================================================
09:59:38.0050 0204        Initialize success
09:59:38.0050 0204        ============================================================
10:00:54.0875 4740        ============================================================
10:00:54.0875 4740        Scan started
10:00:54.0875 4740        Mode: Manual; SigCheck; TDLFS;
10:00:54.0875 4740        ============================================================
10:00:55.0312 4740        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:00:55.0484 4740        1394ohci - ok
10:00:55.0562 4740        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:00:55.0593 4740        ACPI - ok
10:00:55.0655 4740        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:00:55.0686 4740        AcpiPmi - ok
10:00:55.0811 4740        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:00:55.0842 4740        AdobeARMservice - ok
10:00:55.0920 4740        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:00:55.0983 4740        adp94xx - ok
10:00:56.0030 4740        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:00:56.0076 4740        adpahci - ok
10:00:56.0108 4740        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:00:56.0123 4740        adpu320 - ok
10:00:56.0217 4740        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:00:56.0357 4740        AeLookupSvc - ok
10:00:56.0435 4740        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:00:56.0544 4740        AFD - ok
10:00:56.0607 4740        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:00:56.0638 4740        agp440 - ok
10:00:56.0685 4740        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:00:56.0716 4740        aic78xx - ok
10:00:56.0794 4740        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:00:56.0888 4740        ALG - ok
10:00:56.0950 4740        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:00:56.0981 4740        aliide - ok
10:00:57.0044 4740        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:00:57.0075 4740        amdagp - ok
10:00:57.0106 4740        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:00:57.0122 4740        amdide - ok
10:00:57.0168 4740        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:00:57.0200 4740        AmdK8 - ok
10:00:57.0231 4740        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:00:57.0278 4740        AmdPPM - ok
10:00:57.0340 4740        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:00:57.0371 4740        amdsata - ok
10:00:57.0387 4740        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:00:57.0402 4740        amdsbs - ok
10:00:57.0418 4740        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:00:57.0434 4740        amdxata - ok
10:00:57.0496 4740        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:00:57.0652 4740        AppID - ok
10:00:57.0683 4740        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:00:57.0746 4740        AppIDSvc - ok
10:00:57.0792 4740        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:00:57.0855 4740        Appinfo - ok
10:00:57.0980 4740        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:00:58.0011 4740        Apple Mobile Device - ok
10:00:58.0073 4740        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:00:58.0151 4740        AppMgmt - ok
10:00:58.0182 4740        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:00:58.0198 4740        arc - ok
10:00:58.0229 4740        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:00:58.0245 4740        arcsas - ok
10:00:58.0276 4740        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:00:58.0432 4740        AsyncMac - ok
10:00:58.0479 4740        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:00:58.0494 4740        atapi - ok
10:00:58.0588 4740        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
10:00:58.0650 4740        athr - ok
10:00:58.0775 4740        Ati External Event Utility (86acb6a60c50e99eb8e68710d5a12654) C:\Windows\system32\Ati2evxx.exe
10:00:59.0134 4740        Ati External Event Utility - ok
10:00:59.0571 4740        atikmdag        (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
10:00:59.0774 4740        atikmdag - ok
10:00:59.0976 4740        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:01:00.0086 4740        AudioEndpointBuilder - ok
10:01:00.0101 4740        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:01:00.0148 4740        Audiosrv - ok
10:01:00.0210 4740        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:01:00.0288 4740        AxInstSV - ok
10:01:00.0398 4740        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:01:00.0491 4740        b06bdrv - ok
10:01:00.0554 4740        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:01:00.0616 4740        b57nd60x - ok
10:01:00.0678 4740        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:01:00.0772 4740        BDESVC - ok
10:01:00.0803 4740        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:01:00.0897 4740        Beep - ok
10:01:00.0990 4740        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:01:01.0053 4740        BFE - ok
10:01:01.0131 4740        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:01:01.0193 4740        BITS - ok
10:01:01.0224 4740        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:01:01.0271 4740        blbdrive - ok
10:01:01.0458 4740        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:01:01.0490 4740        Bonjour Service - ok
10:01:01.0552 4740        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:01:01.0583 4740        bowser - ok
10:01:01.0614 4740        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:01:01.0677 4740        BrFiltLo - ok
10:01:01.0692 4740        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:01:01.0770 4740        BrFiltUp - ok
10:01:01.0848 4740        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:01:01.0942 4740        Browser - ok
10:01:02.0004 4740        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:01:02.0067 4740        Brserid - ok
10:01:02.0098 4740        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:01:02.0145 4740        BrSerWdm - ok
10:01:02.0160 4740        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:01:02.0207 4740        BrUsbMdm - ok
10:01:02.0238 4740        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:01:02.0301 4740        BrUsbSer - ok
10:01:02.0332 4740        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:01:02.0410 4740        BTHMODEM - ok
10:01:02.0457 4740        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:01:02.0519 4740        bthserv - ok
10:01:02.0550 4740        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:01:02.0597 4740        cdfs - ok
10:01:02.0675 4740        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:01:02.0722 4740        cdrom - ok
10:01:02.0800 4740        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:01:02.0894 4740        CertPropSvc - ok
10:01:02.0909 4740        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:01:02.0940 4740        circlass - ok
10:01:02.0987 4740        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:01:03.0003 4740        CLFS - ok
10:01:03.0096 4740        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:03.0112 4740        clr_optimization_v2.0.50727_32 - ok
10:01:03.0221 4740        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:03.0252 4740        clr_optimization_v4.0.30319_32 - ok
10:01:03.0284 4740        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:01:03.0315 4740        CmBatt - ok
10:01:03.0362 4740        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:01:03.0408 4740        cmdide - ok
10:01:03.0455 4740        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:01:03.0549 4740        CNG - ok
10:01:03.0564 4740        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:01:03.0580 4740        Compbatt - ok
10:01:03.0658 4740        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:01:03.0689 4740        CompositeBus - ok
10:01:03.0705 4740        COMSysApp - ok
10:01:03.0736 4740        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:01:03.0767 4740        crcdisk - ok
10:01:03.0814 4740        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:01:03.0845 4740        CryptSvc - ok
10:01:03.0923 4740        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:01:04.0017 4740        CSC - ok
10:01:04.0079 4740        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:01:04.0157 4740        CscService - ok
10:01:04.0235 4740        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:01:04.0360 4740        DcomLaunch - ok
10:01:04.0407 4740        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:01:04.0469 4740        defragsvc - ok
10:01:04.0578 4740        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:01:04.0610 4740        DfsC - ok
10:01:04.0688 4740        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:01:04.0797 4740        Dhcp - ok
10:01:04.0829 4740        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:01:04.0891 4740        discache - ok
10:01:04.0938 4740        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:01:04.0969 4740        Disk - ok
10:01:05.0016 4740        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:01:05.0079 4740        Dnscache - ok
10:01:05.0141 4740        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:01:05.0235 4740        dot3svc - ok
10:01:05.0266 4740        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:01:05.0328 4740        DPS - ok
10:01:05.0391 4740        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:01:05.0422 4740        drmkaud - ok
10:01:05.0500 4740        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:01:05.0547 4740        DXGKrnl - ok
10:01:05.0578 4740        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:01:05.0687 4740        EapHost - ok
10:01:05.0905 4740        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:01:06.0015 4740        ebdrv - ok
10:01:06.0155 4740        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:01:06.0233 4740        EFS - ok
10:01:06.0358 4740        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:01:06.0451 4740        ehRecvr - ok
10:01:06.0592 4740        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:01:06.0701 4740        ehSched - ok
10:01:06.0810 4740        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:01:06.0857 4740        elxstor - ok
10:01:06.0904 4740        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:01:06.0935 4740        ErrDev - ok
10:01:06.0997 4740        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:01:07.0060 4740        EventSystem - ok
10:01:07.0107 4740        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:01:07.0169 4740        exfat - ok
10:01:07.0200 4740        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:01:07.0263 4740        fastfat - ok
10:01:07.0356 4740        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:01:07.0465 4740        Fax - ok
10:01:07.0497 4740        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:01:07.0543 4740        fdc - ok
10:01:07.0590 4740        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:01:07.0684 4740        fdPHost - ok
10:01:07.0715 4740        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:01:07.0777 4740        FDResPub - ok
10:01:07.0809 4740        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:01:07.0824 4740        FileInfo - ok
10:01:07.0871 4740        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:01:07.0933 4740        Filetrace - ok
10:01:07.0965 4740        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:08.0027 4740        flpydisk - ok
10:01:08.0074 4740        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:01:08.0121 4740        FltMgr - ok
10:01:08.0214 4740        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:01:08.0292 4740        FontCache - ok
10:01:08.0370 4740        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:01:08.0386 4740        FontCache3.0.0.0 - ok
10:01:08.0401 4740        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:01:08.0417 4740        FsDepends - ok
10:01:08.0464 4740        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:01:08.0495 4740        Fs_Rec - ok
10:01:08.0589 4740        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:01:08.0635 4740        fvevol - ok
10:01:08.0682 4740        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:01:08.0698 4740        gagp30kx - ok
10:01:08.0745 4740        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:01:08.0760 4740        GEARAspiWDM - ok
10:01:08.0838 4740        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:01:08.0916 4740        gpsvc - ok
10:01:09.0072 4740        gupdate        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
10:01:09.0103 4740        gupdate - ok
10:01:09.0119 4740        gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
10:01:09.0135 4740        gupdatem - ok
10:01:09.0166 4740        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:01:09.0213 4740        hcw85cir - ok
10:01:09.0291 4740        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:01:09.0322 4740        HdAudAddService - ok
10:01:09.0353 4740        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:01:09.0400 4740        HDAudBus - ok
10:01:09.0447 4740        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:01:09.0478 4740        HidBatt - ok
10:01:09.0509 4740        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:01:09.0556 4740        HidBth - ok
10:01:09.0587 4740        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:01:09.0649 4740        HidIr - ok
10:01:09.0696 4740        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:01:09.0774 4740        hidserv - ok
10:01:09.0868 4740        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:01:09.0883 4740        HidUsb - ok
10:01:09.0930 4740        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:01:09.0993 4740        hkmsvc - ok
10:01:10.0039 4740        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:01:10.0102 4740        HomeGroupListener - ok
10:01:10.0180 4740        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:01:10.0258 4740        HomeGroupProvider - ok
10:01:10.0336 4740        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:01:10.0367 4740        HpSAMD - ok
10:01:10.0476 4740        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:01:10.0539 4740        HTTP - ok
10:01:10.0585 4740        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:01:10.0601 4740        hwpolicy - ok
10:01:10.0663 4740        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:01:10.0695 4740        i8042prt - ok
10:01:10.0788 4740        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:01:10.0804 4740        iaStorV - ok
10:01:10.0975 4740        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:01:11.0038 4740        idsvc - ok
10:01:11.0085 4740        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:01:11.0100 4740        iirsp - ok
10:01:11.0194 4740        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:01:11.0272 4740        IKEEXT - ok
10:01:11.0303 4740        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:01:11.0319 4740        intelide - ok
10:01:11.0365 4740        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:01:11.0412 4740        intelppm - ok
10:01:11.0459 4740        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:01:11.0553 4740        IPBusEnum - ok
10:01:11.0584 4740        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:01:11.0646 4740        IpFilterDriver - ok
10:01:11.0740 4740        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:01:11.0787 4740        iphlpsvc - ok
10:01:11.0849 4740        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:01:11.0896 4740        IPMIDRV - ok
10:01:11.0943 4740        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:01:12.0052 4740        IPNAT - ok
10:01:12.0192 4740        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:01:12.0239 4740        iPod Service - ok
10:01:12.0270 4740        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:01:12.0317 4740        IRENUM - ok
10:01:12.0364 4740        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:01:12.0379 4740        isapnp - ok
10:01:12.0442 4740        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:01:12.0489 4740        iScsiPrt - ok
10:01:12.0551 4740        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:01:12.0598 4740        kbdclass - ok
10:01:12.0645 4740        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:01:12.0676 4740        kbdhid - ok
10:01:12.0707 4740        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:12.0738 4740        KeyIso - ok
10:01:12.0754 4740        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:01:12.0769 4740        KSecDD - ok
10:01:12.0785 4740        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:01:12.0816 4740        KSecPkg - ok
10:01:12.0863 4740        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:01:12.0925 4740        KtmRm - ok
10:01:13.0003 4740        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:01:13.0097 4740        LanmanServer - ok
10:01:13.0144 4740        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:01:13.0206 4740        LanmanWorkstation - ok
10:01:13.0269 4740        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:01:13.0331 4740        lltdio - ok
10:01:13.0378 4740        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:01:13.0425 4740        lltdsvc - ok
10:01:13.0440 4740        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:01:13.0471 4740        lmhosts - ok
10:01:13.0518 4740        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:01:13.0534 4740        LSI_FC - ok
10:01:13.0549 4740        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:01:13.0581 4740        LSI_SAS - ok
10:01:13.0612 4740        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:01:13.0627 4740        LSI_SAS2 - ok
10:01:13.0659 4740        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:01:13.0674 4740        LSI_SCSI - ok
10:01:13.0690 4740        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:01:13.0737 4740        luafv - ok
10:01:13.0783 4740        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:01:13.0830 4740        Mcx2Svc - ok
10:01:13.0846 4740        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:01:13.0877 4740        megasas - ok
10:01:13.0924 4740        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:01:13.0971 4740        MegaSR - ok
10:01:14.0095 4740        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:01:14.0111 4740        Microsoft Office Groove Audit Service - ok
10:01:14.0142 4740        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:01:14.0205 4740        MMCSS - ok
10:01:14.0236 4740        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:01:14.0329 4740        Modem - ok
10:01:14.0376 4740        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:01:14.0439 4740        monitor - ok
10:01:14.0517 4740        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:01:14.0532 4740        mouclass - ok
10:01:14.0563 4740        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:01:14.0610 4740        mouhid - ok
10:01:14.0657 4740        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:01:14.0673 4740        mountmgr - ok
10:01:14.0751 4740        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:01:14.0797 4740        MozillaMaintenance - ok
10:01:14.0860 4740        MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:01:14.0907 4740        MpFilter - ok
10:01:14.0969 4740        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:01:14.0985 4740        mpio - ok
10:01:15.0109 4740        MpKsld5b03b59  (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys
10:01:15.0125 4740        MpKsld5b03b59 - ok
10:01:15.0156 4740        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:01:15.0219 4740        mpsdrv - ok
10:01:15.0297 4740        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:01:15.0406 4740        MpsSvc - ok
10:01:15.0437 4740        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:01:15.0484 4740        MRxDAV - ok
10:01:15.0562 4740        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:15.0593 4740        mrxsmb - ok
10:01:15.0640 4740        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:15.0671 4740        mrxsmb10 - ok
10:01:15.0702 4740        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:15.0733 4740        mrxsmb20 - ok
10:01:15.0796 4740        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:01:15.0843 4740        msahci - ok
10:01:15.0936 4740        MSCamSvc        (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
10:01:15.0952 4740        MSCamSvc - ok
10:01:15.0999 4740        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:01:16.0014 4740        msdsm - ok
10:01:16.0045 4740        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:01:16.0092 4740        MSDTC - ok
10:01:16.0155 4740        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:01:16.0186 4740        Msfs - ok
10:01:16.0201 4740        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:01:16.0264 4740        mshidkmdf - ok
10:01:16.0295 4740        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:01:16.0326 4740        msisadrv - ok
10:01:16.0389 4740        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:01:16.0467 4740        MSiSCSI - ok
10:01:16.0482 4740        msiserver - ok
10:01:16.0529 4740        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:01:16.0591 4740        MSKSSRV - ok
10:01:16.0669 4740        MsMpSvc        (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:01:16.0685 4740        MsMpSvc - ok
10:01:16.0716 4740        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:16.0763 4740        MSPCLOCK - ok
10:01:16.0779 4740        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:01:16.0825 4740        MSPQM - ok
10:01:16.0872 4740        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:01:16.0888 4740        MsRPC - ok
10:01:16.0935 4740        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:01:16.0950 4740        mssmbios - ok
10:01:16.0966 4740        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:01:16.0997 4740        MSTEE - ok
10:01:17.0013 4740        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:01:17.0044 4740        MTConfig - ok
10:01:17.0091 4740        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:01:17.0137 4740        Mup - ok
10:01:17.0215 4740        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:01:17.0278 4740        napagent - ok
10:01:17.0340 4740        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:01:17.0356 4740        NativeWifiP - ok
10:01:17.0434 4740        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:01:17.0465 4740        NDIS - ok
10:01:17.0512 4740        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:01:17.0543 4740        NdisCap - ok
10:01:17.0574 4740        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:17.0668 4740        NdisTapi - ok
10:01:17.0746 4740        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:17.0824 4740        Ndisuio - ok
10:01:17.0855 4740        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:17.0917 4740        NdisWan - ok
10:01:17.0964 4740        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:01:18.0027 4740        NDProxy - ok
10:01:18.0073 4740        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:01:18.0167 4740        NetBIOS - ok
10:01:18.0229 4740        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:01:18.0323 4740        NetBT - ok
10:01:18.0354 4740        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:18.0370 4740        Netlogon - ok
10:01:18.0432 4740        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:01:18.0510 4740        Netman - ok
10:01:18.0557 4740        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:01:18.0619 4740        netprofm - ok
10:01:18.0729 4740        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:18.0775 4740        NetTcpPortSharing - ok
10:01:18.0822 4740        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:01:18.0838 4740        nfrd960 - ok
10:01:18.0916 4740        NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:01:18.0931 4740        NisDrv - ok
10:01:19.0009 4740        NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:01:19.0041 4740        NisSrv - ok
10:01:19.0087 4740        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:01:19.0181 4740        NlaSvc - ok
10:01:19.0228 4740        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:01:19.0306 4740        Npfs - ok
10:01:19.0337 4740        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:01:19.0384 4740        nsi - ok
10:01:19.0399 4740        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:01:19.0462 4740        nsiproxy - ok
10:01:19.0571 4740        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:01:19.0618 4740        Ntfs - ok
10:01:19.0649 4740        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:01:19.0711 4740        Null - ok
10:01:19.0758 4740        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:01:19.0805 4740        nvraid - ok
10:01:19.0836 4740        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:01:19.0883 4740        nvstor - ok
10:01:19.0930 4740        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:01:19.0945 4740        nv_agp - ok
10:01:20.0086 4740        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:01:20.0117 4740        odserv - ok
10:01:20.0164 4740        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:01:20.0211 4740        ohci1394 - ok
10:01:20.0304 4740        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:20.0335 4740        ose - ok
10:01:20.0413 4740        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:01:20.0491 4740        p2pimsvc - ok
10:01:20.0523 4740        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:01:20.0554 4740        p2psvc - ok
10:01:20.0601 4740        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:01:20.0632 4740        Parport - ok
10:01:20.0679 4740        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:01:20.0694 4740        partmgr - ok
10:01:20.0710 4740        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:01:20.0741 4740        Parvdm - ok
10:01:20.0788 4740        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:01:20.0850 4740        PcaSvc - ok
10:01:20.0913 4740        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:01:20.0928 4740        pci - ok
10:01:20.0975 4740        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:01:21.0006 4740        pciide - ok
10:01:21.0037 4740        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:01:21.0069 4740        pcmcia - ok
10:01:21.0084 4740        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:01:21.0100 4740        pcw - ok
10:01:21.0162 4740        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:01:21.0240 4740        PEAUTH - ok
10:01:21.0349 4740        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:01:21.0474 4740        PeerDistSvc - ok
10:01:21.0677 4740        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:01:21.0802 4740        pla - ok
10:01:21.0973 4740        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:01:22.0051 4740        PlugPlay - ok
10:01:22.0098 4740        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:01:22.0145 4740        PNRPAutoReg - ok
10:01:22.0207 4740        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:01:22.0254 4740        PNRPsvc - ok
10:01:22.0317 4740        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:01:22.0379 4740        PolicyAgent - ok
10:01:22.0441 4740        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:01:22.0488 4740        Power - ok
10:01:22.0566 4740        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:01:22.0644 4740        PptpMiniport - ok
10:01:22.0675 4740        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:01:22.0707 4740        Processor - ok
10:01:22.0785 4740        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:01:22.0847 4740        ProfSvc - ok
10:01:22.0894 4740        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:22.0909 4740        ProtectedStorage - ok
10:01:22.0956 4740        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:01:23.0003 4740        Psched - ok
10:01:23.0112 4740        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:01:23.0175 4740        ql2300 - ok
10:01:23.0331 4740        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:01:23.0346 4740        ql40xx - ok
10:01:23.0393 4740        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:01:23.0440 4740        QWAVE - ok
10:01:23.0471 4740        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:01:23.0518 4740        QWAVEdrv - ok
10:01:23.0549 4740        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:01:23.0643 4740        RasAcd - ok
10:01:23.0689 4740        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:01:23.0736 4740        RasAgileVpn - ok
10:01:23.0783 4740        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:01:23.0830 4740        RasAuto - ok
10:01:23.0877 4740        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:23.0908 4740        Rasl2tp - ok
10:01:23.0986 4740        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:01:24.0095 4740        RasMan - ok
10:01:24.0126 4740        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:24.0189 4740        RasPppoe - ok
10:01:24.0235 4740        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:01:24.0298 4740        RasSstp - ok
10:01:24.0345 4740        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:01:24.0407 4740        rdbss - ok
10:01:24.0438 4740        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:01:24.0454 4740        rdpbus - ok
10:01:24.0501 4740        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:24.0594 4740        RDPCDD - ok
10:01:24.0625 4740        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:01:24.0657 4740        RDPDR - ok
10:01:24.0688 4740        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:01:24.0750 4740        RDPENCDD - ok
10:01:24.0781 4740        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:01:24.0828 4740        RDPREFMP - ok
10:01:24.0891 4740        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:01:24.0969 4740        RDPWD - ok
10:01:25.0031 4740        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:01:25.0062 4740        rdyboost - ok
10:01:25.0094 4740        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:01:25.0157 4740        RemoteAccess - ok
10:01:25.0204 4740        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:01:25.0266 4740        RemoteRegistry - ok
10:01:25.0313 4740        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:01:25.0406 4740        RpcEptMapper - ok
10:01:25.0438 4740        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:01:25.0484 4740        RpcLocator - ok
10:01:25.0531 4740        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:01:25.0578 4740        RpcSs - ok
10:01:25.0625 4740        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:01:25.0656 4740        rspndr - ok
10:01:25.0703 4740        RTL8167        (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:01:25.0750 4740        RTL8167 - ok
10:01:25.0796 4740        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:01:25.0874 4740        s3cap - ok
10:01:25.0906 4740        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:25.0921 4740        SamSs - ok
10:01:25.0984 4740        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:01:25.0999 4740        sbp2port - ok
10:01:26.0046 4740        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:01:26.0108 4740        SCardSvr - ok
10:01:26.0140 4740        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:01:26.0202 4740        scfilter - ok
10:01:26.0311 4740        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:01:26.0389 4740        Schedule - ok
10:01:26.0436 4740        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:01:26.0483 4740        SCPolicySvc - ok
10:01:26.0530 4740        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:01:26.0576 4740        SDRSVC - ok
10:01:26.0623 4740        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:01:26.0717 4740        secdrv - ok
10:01:26.0764 4740        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:01:26.0857 4740        seclogon - ok
10:01:26.0888 4740        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:01:26.0951 4740        SENS - ok
10:01:26.0998 4740        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:01:27.0044 4740        SensrSvc - ok
10:01:27.0076 4740        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:01:27.0091 4740        Serenum - ok
10:01:27.0107 4740        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:01:27.0154 4740        Serial - ok
10:01:27.0185 4740        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:01:27.0200 4740        sermouse - ok
10:01:27.0278 4740        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:01:27.0356 4740        SessionEnv - ok
10:01:27.0403 4740        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:01:27.0434 4740        sffdisk - ok
10:01:27.0466 4740        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:01:27.0497 4740        sffp_mmc - ok
10:01:27.0512 4740        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:01:27.0544 4740        sffp_sd - ok
10:01:27.0559 4740        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:01:27.0575 4740        sfloppy - ok
10:01:27.0637 4740        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:01:27.0684 4740        SharedAccess - ok
10:01:27.0731 4740        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:01:27.0793 4740        ShellHWDetection - ok
10:01:27.0840 4740        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:01:27.0871 4740        sisagp - ok
10:01:27.0918 4740        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:01:27.0949 4740        SiSRaid2 - ok
10:01:27.0965 4740        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:01:27.0980 4740        SiSRaid4 - ok
10:01:28.0012 4740        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:01:28.0058 4740        Smb - ok
10:01:28.0152 4740        smserial        (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
10:01:28.0214 4740        smserial - ok
10:01:28.0277 4740        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:01:28.0292 4740        SNMPTRAP - ok
10:01:28.0339 4740        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:01:28.0355 4740        spldr - ok
10:01:28.0433 4740        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:01:28.0495 4740        Spooler - ok
10:01:28.0729 4740        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:01:28.0854 4740        sppsvc - ok
10:01:28.0979 4740        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:01:29.0057 4740        sppuinotify - ok
10:01:29.0150 4740        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:01:29.0182 4740        srv - ok
10:01:29.0213 4740        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:01:29.0260 4740        srv2 - ok
10:01:29.0291 4740        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:01:29.0306 4740        srvnet - ok
10:01:29.0353 4740        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:01:29.0400 4740        SSDPSRV - ok
10:01:29.0416 4740        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:01:29.0478 4740        SstpSvc - ok
10:01:29.0525 4740        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:01:29.0540 4740        stexstor - ok
10:01:29.0618 4740        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:01:29.0712 4740        StiSvc - ok
10:01:29.0759 4740        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:01:29.0806 4740        storflt - ok
10:01:29.0821 4740        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:01:29.0852 4740        StorSvc - ok
10:01:29.0899 4740        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:01:29.0915 4740        storvsc - ok
10:01:29.0962 4740        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:01:29.0977 4740        swenum - ok
10:01:30.0040 4740        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:01:30.0086 4740        swprv - ok
10:01:30.0196 4740        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:01:30.0274 4740        SysMain - ok
10:01:30.0320 4740        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:01:30.0367 4740        TabletInputService - ok
10:01:30.0430 4740        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:01:30.0476 4740        TapiSrv - ok
10:01:30.0492 4740        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:01:30.0570 4740        TBS - ok
10:01:30.0757 4740        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:01:30.0851 4740        Tcpip - ok
10:01:30.0866 4740        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:01:30.0929 4740        TCPIP6 - ok
10:01:30.0976 4740        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:01:31.0038 4740        tcpipreg - ok
10:01:31.0069 4740        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:01:31.0132 4740        TDPIPE - ok
10:01:31.0147 4740        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:01:31.0178 4740        TDTCP - ok
10:01:31.0241 4740        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:01:31.0303 4740        tdx - ok
10:01:31.0350 4740        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:01:31.0366 4740        TermDD - ok
10:01:31.0428 4740        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:01:31.0506 4740        TermService - ok
10:01:31.0537 4740        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:01:31.0584 4740        Themes - ok
10:01:31.0615 4740        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:01:31.0662 4740        THREADORDER - ok
10:01:31.0693 4740        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:01:31.0756 4740        TrkWks - ok
10:01:31.0865 4740        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:01:31.0943 4740        TrustedInstaller - ok
10:01:31.0974 4740        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:32.0036 4740        tssecsrv - ok
10:01:32.0083 4740        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:01:32.0146 4740        TsUsbFlt - ok
10:01:32.0224 4740        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:01:32.0302 4740        tunnel - ok
10:01:32.0348 4740        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:01:32.0395 4740        uagp35 - ok
10:01:32.0442 4740        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:01:32.0504 4740        udfs - ok
10:01:32.0551 4740        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:01:32.0582 4740        UI0Detect - ok
10:01:32.0660 4740        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:01:32.0676 4740        uliagpkx - ok
10:01:32.0738 4740        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:01:32.0785 4740        umbus - ok
10:01:32.0832 4740        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:01:32.0863 4740        UmPass - ok
10:01:32.0926 4740        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:01:32.0941 4740        UmRdpService - ok
10:01:33.0004 4740        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:01:33.0066 4740        upnphost - ok
10:01:33.0128 4740        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
10:01:33.0160 4740        USBAAPL - ok
10:01:33.0222 4740        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
10:01:33.0269 4740        usbaudio - ok
10:01:33.0316 4740        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:33.0378 4740        usbccgp - ok
10:01:33.0440 4740        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:01:33.0487 4740        usbcir - ok
10:01:33.0518 4740        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:01:33.0534 4740        usbehci - ok
10:01:33.0612 4740        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:01:33.0674 4740        usbhub - ok
10:01:33.0721 4740        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
10:01:33.0768 4740        usbohci - ok
10:01:33.0815 4740        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:01:33.0862 4740        usbprint - ok
10:01:33.0877 4740        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
10:01:33.0971 4740        USBSTOR - ok
10:01:34.0033 4740        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:01:34.0049 4740        usbuhci - ok
10:01:34.0064 4740        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:01:34.0127 4740        UxSms - ok
10:01:34.0174 4740        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:34.0189 4740        VaultSvc - ok
10:01:34.0252 4740        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:01:34.0267 4740        vdrvroot - ok
10:01:34.0345 4740        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:01:34.0454 4740        vds - ok
10:01:34.0486 4740        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:34.0501 4740        vga - ok
10:01:34.0532 4740        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:01:34.0564 4740        VgaSave - ok
10:01:34.0626 4740        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:01:34.0642 4740        vhdmp - ok
10:01:34.0688 4740        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:01:34.0720 4740        viaagp - ok
10:01:34.0735 4740        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:01:34.0782 4740        ViaC7 - ok
10:01:34.0829 4740        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:01:34.0860 4740        viaide - ok
10:01:34.0922 4740        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:01:34.0938 4740        vmbus - ok
10:01:34.0969 4740        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:01:35.0016 4740        VMBusHID - ok
10:01:35.0063 4740        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:01:35.0078 4740        volmgr - ok
10:01:35.0141 4740        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:01:35.0156 4740        volmgrx - ok
10:01:35.0219 4740        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:01:35.0234 4740        volsnap - ok
10:01:35.0375 4740        vpnagent        (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:01:35.0546 4740        vpnagent - ok
10:01:35.0624 4740        vpnva          (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
10:01:35.0624 4740        vpnva - ok
10:01:35.0671 4740        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:01:35.0702 4740        vsmraid - ok
10:01:35.0827 4740        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:01:35.0968 4740        VSS - ok
10:01:35.0999 4740        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:01:36.0046 4740        vwifibus - ok
10:01:36.0077 4740        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:01:36.0092 4740        vwififlt - ok
10:01:36.0280 4740        VX1000          (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
10:01:36.0358 4740        VX1000 - ok
10:01:36.0498 4740        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:01:36.0592 4740        W32Time - ok
10:01:36.0654 4740        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:01:36.0685 4740        WacomPen - ok
10:01:36.0748 4740        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:36.0794 4740        WANARP - ok
10:01:36.0794 4740        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:36.0826 4740        Wanarpv6 - ok
10:01:36.0997 4740        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:01:37.0075 4740        WatAdminSvc - ok
10:01:37.0184 4740        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:01:37.0231 4740        wbengine - ok
10:01:37.0278 4740        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:01:37.0325 4740        WbioSrvc - ok
10:01:37.0387 4740        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:01:37.0465 4740        wcncsvc - ok
10:01:37.0481 4740        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:01:37.0543 4740        WcsPlugInService - ok
10:01:37.0621 4740        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:01:37.0637 4740        Wd - ok
10:01:37.0684 4740        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:01:37.0715 4740        Wdf01000 - ok
10:01:37.0746 4740        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:01:37.0840 4740        WdiServiceHost - ok
10:01:37.0855 4740        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:01:37.0902 4740        WdiSystemHost - ok
10:01:38.0042 4740        Web Assistant Updater (5cab8953e4a9301553ae5fbe7832767a) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
10:01:38.0214 4740        Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
10:01:38.0214 4740        Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
10:01:38.0276 4740        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:01:38.0308 4740        WebClient - ok
10:01:38.0339 4740        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:01:38.0386 4740        Wecsvc - ok
10:01:38.0417 4740        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:01:38.0448 4740        wercplsupport - ok
10:01:38.0495 4740        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:01:38.0542 4740        WerSvc - ok
10:01:38.0573 4740        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:01:38.0604 4740        WfpLwf - ok
10:01:38.0620 4740        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:01:38.0635 4740        WIMMount - ok
10:01:38.0729 4740        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:01:38.0807 4740        WinDefend - ok
10:01:38.0822 4740        WinHttpAutoProxySvc - ok
10:01:38.0916 4740        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:01:38.0994 4740        Winmgmt - ok
10:01:39.0103 4740        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:01:39.0166 4740        WinRM - ok
10:01:39.0275 4740        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:01:39.0306 4740        WinUsb - ok
10:01:39.0415 4740        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:01:39.0509 4740        Wlansvc - ok
10:01:39.0556 4740        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:01:39.0571 4740        WmiAcpi - ok
10:01:39.0649 4740        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:01:39.0696 4740        wmiApSrv - ok
10:01:39.0868 4740        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:01:39.0977 4740        WMPNetworkSvc - ok
10:01:40.0008 4740        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:01:40.0070 4740        WPCSvc - ok
10:01:40.0117 4740        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:01:40.0148 4740        WPDBusEnum - ok
10:01:40.0211 4740        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:01:40.0273 4740        ws2ifsl - ok
10:01:40.0336 4740        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:01:40.0398 4740        wscsvc - ok
10:01:40.0414 4740        WSearch - ok
10:01:40.0616 4740        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
10:01:40.0726 4740        wuauserv - ok
10:01:40.0897 4740        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:01:40.0928 4740        WudfPf - ok
10:01:40.0975 4740        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:01:41.0006 4740        WUDFRd - ok
10:01:41.0069 4740        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:01:41.0147 4740        wudfsvc - ok
10:01:41.0194 4740        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:01:41.0240 4740        WwanSvc - ok
10:01:41.0303 4740        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:01:41.0584 4740        \Device\Harddisk0\DR0 - ok
10:01:41.0599 4740        Boot (0x1200)  (e958823fc5d9a649bbec25940721b25c) \Device\Harddisk0\DR0\Partition0
10:01:41.0599 4740        \Device\Harddisk0\DR0\Partition0 - ok
10:01:41.0630 4740        Boot (0x1200)  (63dabe9566f05ecff3b2e0bf67fe5fd7) \Device\Harddisk0\DR0\Partition1
10:01:41.0630 4740        \Device\Harddisk0\DR0\Partition1 - ok
10:01:41.0630 4740        ============================================================
10:01:41.0630 4740        Scan finished
10:01:41.0630 4740        ============================================================
10:01:41.0662 4708        Detected object count: 1
10:01:41.0662 4708        Actual detected object count: 1
10:02:00.0132 4708        Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
10:02:00.0132 4708        Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
Ich bin jetzt am PC meines Mitbewohners. Mein Laptop hat sich eben einfach so komplett ausgeschaltet ohne runterzufahren. Einfach !Zack! aus. Habe zweimal versucht ihn wieder anzumachen und er ist beide Male wieder ausgegangen. Jetzt is alles kaputt oder wie? Naja dachte das solltest du wissen...:headbang: (also nachdem ich den Scan gemacht und den Log gepostet hatte)

cosinus 19.06.2012 11:24
Zitat:
Habe zweimal versucht ihn wieder anzumachen und er ist beide Male wieder ausgegangen.
Wo genau ist er ausgegangen? Wurde Windows da gerade gebootet, war Windows schon oben oder direkt nach dem Anschalten, also als noch nichtmal das Booten von Windows anfing? :wtf:

TimKnopf 19.06.2012 11:43
Beim ersten Mal direkt nach dem Anschalten (also vorm booten von Windows) und beim zweiten Mal während des Bootvorgangs von Windows.

Edit: Oh man ist das peinlich jetzt!! Dachte mir eben ich probiers nochmal und bemerkte bzw. erinnerte mich dran, dass ich gestern Abend den Stecker rausgezogen hatte. Also Stecker wieder rein und läuft bzw. geht wieder an. war einfach nur der Akku alle vorhin. Mea culpa mea maxima culpa!!

cosinus 19.06.2012 12:31
Hehehe einfach nur Akku leergelutscht? :lach:

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

TimKnopf 19.06.2012 13:09
So. Combofix ausgeführt. Hier das Ergebnis.

Code:
ComboFix 12-06-19.01 - Tim 19.06.2012  13:51:01.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.1918.1392 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\Tim\Music\Funk 'n' Soul 'n' Jazz 'n' RnB\The Cat Empire - (2005) Two Shoes\_desktop.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))
.
.
2012-06-19 11:58 . 2012-06-19 11:58        --------        d-----w-        c:\users\Tim\AppData\Local\temp
2012-06-19 11:58 . 2012-06-19 11:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-19 11:38 . 2012-06-19 11:38        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys
2012-06-19 11:37 . 2012-06-19 11:37        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\offreg.dll
2012-06-19 07:59 . 2012-06-19 07:59        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys
2012-06-18 21:10 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\mpengine.dll
2012-06-18 20:16 . 2012-06-18 20:16        --------        d-----w-        C:\_OTL
2012-06-17 14:28 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 09:38 . 2012-06-14 09:38        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-14 09:37 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-13 10:14 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 10:14 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 10:14 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-13 09:07 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:30 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-13 08:30 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 08:30 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 08:30 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:30 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:29 . 2012-05-01 04:44        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-12 14:48 . 2012-06-19 11:56        --------        d-----w-        c:\program files\Web Assistant
2012-06-12 14:47 . 2012-06-12 16:08        --------        d-----w-        c:\users\Tim\AppData\Roaming\.freeciv
2012-06-12 14:46 . 2012-06-14 12:33        --------        d-----w-        c:\program files\Freeciv-2.1.10-gtk2
2012-06-12 14:03 . 2012-02-10 23:52        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll
2012-06-12 09:23 . 2012-06-12 09:23        --------        d-----w-        c:\users\Tim\AppData\Local\Macromedia
2012-06-05 14:31 . 2012-06-12 14:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-05 11:51 . 2012-06-05 11:51        --------        d-----w-        c:\program files\Microsoft
2012-06-05 11:30 . 2012-06-05 11:30        --------        d-----w-        c:\windows\system32\SPReview
2012-06-05 11:29 . 2012-06-05 11:29        --------        d-----w-        c:\windows\system32\EventProviders
2012-05-29 12:32 . 2012-05-29 19:34        --------        d-----w-        c:\users\Tim\AppData\Roaming\DVD Flick
2012-05-29 12:31 . 2008-08-31 11:27        28672        ----a-w-        c:\windows\system32\mousewheel.ocx
2012-05-29 12:31 . 2007-08-31 16:36        36864        ----a-w-        c:\windows\system32\trayicon_handler.ocx
2012-05-29 12:31 . 2004-03-08 22:00        662288        ----a-w-        c:\windows\system32\mscomct2.ocx
2012-05-29 12:31 . 2004-03-08 22:00        609824        ----a-w-        c:\windows\system32\comctl32.ocx
2012-05-29 12:31 . 2003-01-26 11:41        40960        ----a-w-        c:\windows\system32\ssubtmr6.dll
2012-05-29 12:31 . 1998-06-23 22:00        164144        ----a-w-        c:\windows\system32\comct232.ocx
2012-05-29 12:31 . 2012-05-29 12:32        --------        d-----w-        c:\program files\DVD Flick
2012-05-29 12:31 . 2004-03-08 22:00        212240        ----a-w-        c:\windows\system32\richtx32.ocx
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 14:46 . 2011-12-08 05:08        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 11:43 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 07:36        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 07:36        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 07:36        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-04-25 07:30 . 2011-12-07 11:49        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472]
"Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
2010-01-21 10:32        2089472        ----a-w-        c:\program files\FeedReader30\feedreader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36        30040        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27        119152        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27        17351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27        762736        ----a-w-        c:\windows\vVX1000.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400]
S1 MpKsl12ac70dc;MpKsl12ac70dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys [2012-06-19 29904]
S1 MpKsld5b03b59;MpKsld5b03b59;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys [2012-06-19 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL12AC70DC
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9
FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-19  14:03:03
ComboFix-quarantined-files.txt  2012-06-19 12:03
.
Vor Suchlauf: 6 Verzeichnis(se), 59.023.077.376 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 59.041.542.144 Bytes frei
.
- - End Of File - - E326A1D5C6E0DA1CE85F6C3018937626
Es wurde soeben mal wieder Incredibar geöffnet, als ich den Browser nach dem Combofix geöffnet habe, kam das statt der Startseite. Vorher zeigt er immer irgendwas wildes mit yahoo an und dann geht er zu Incredibar. Ich habe übrigens auch Probleme mit dem Wlan. Das bricht zwischendurch immer ab oder es gibt nur eingeschränkte Konnektivität (Dieses Problem habe ich aber schon lange). Ich habe das Gefühl, dass dies Incredibar bevorzugt aufgeht wenn er gerade neu mit dem Wlan verbindet. Weiß nich ob das jetzt wichtig wahr.

cosinus 19.06.2012 14:11
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.


Code:
Firefox::
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9
FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

TimKnopf 19.06.2012 14:47
und der nächste...

Code:
ComboFix 12-06-19.01 - Tim 19.06.2012  15:21:33.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.1918.1145 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-19 bis 2012-06-19  ))))))))))))))))))))))))))))))
.
.
2012-06-19 13:27 . 2012-06-19 13:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-19 12:05 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{559F9597-D1B1-4FEA-BAE0-7F64B5D6916F}\mpengine.dll
2012-06-19 12:03 . 2012-06-19 13:30        --------        d-----w-        c:\users\Tim\AppData\Local\temp
2012-06-18 20:16 . 2012-06-18 20:16        --------        d-----w-        C:\_OTL
2012-06-17 14:28 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 09:38 . 2012-06-14 09:38        --------        d-----w-        c:\users\Tim\AppData\Roaming\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-14 09:37 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-13 10:14 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 10:14 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 10:14 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-13 09:07 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:30 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-13 08:30 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 08:30 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 08:30 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:30 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:29 . 2012-05-01 04:44        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-12 14:48 . 2012-06-19 11:56        --------        d-----w-        c:\program files\Web Assistant
2012-06-12 14:47 . 2012-06-12 16:08        --------        d-----w-        c:\users\Tim\AppData\Roaming\.freeciv
2012-06-12 14:46 . 2012-06-14 12:33        --------        d-----w-        c:\program files\Freeciv-2.1.10-gtk2
2012-06-12 14:03 . 2012-02-10 23:52        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll
2012-06-12 09:23 . 2012-06-12 09:23        --------        d-----w-        c:\users\Tim\AppData\Local\Macromedia
2012-06-05 14:31 . 2012-06-12 14:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-05 11:51 . 2012-06-05 11:51        --------        d-----w-        c:\program files\Microsoft
2012-06-05 11:30 . 2012-06-05 11:30        --------        d-----w-        c:\windows\system32\SPReview
2012-06-05 11:29 . 2012-06-05 11:29        --------        d-----w-        c:\windows\system32\EventProviders
2012-05-29 12:32 . 2012-05-29 19:34        --------        d-----w-        c:\users\Tim\AppData\Roaming\DVD Flick
2012-05-29 12:31 . 2008-08-31 11:27        28672        ----a-w-        c:\windows\system32\mousewheel.ocx
2012-05-29 12:31 . 2007-08-31 16:36        36864        ----a-w-        c:\windows\system32\trayicon_handler.ocx
2012-05-29 12:31 . 2004-03-08 22:00        662288        ----a-w-        c:\windows\system32\mscomct2.ocx
2012-05-29 12:31 . 2004-03-08 22:00        609824        ----a-w-        c:\windows\system32\comctl32.ocx
2012-05-29 12:31 . 2003-01-26 11:41        40960        ----a-w-        c:\windows\system32\ssubtmr6.dll
2012-05-29 12:31 . 1998-06-23 22:00        164144        ----a-w-        c:\windows\system32\comct232.ocx
2012-05-29 12:31 . 2012-05-29 12:32        --------        d-----w-        c:\program files\DVD Flick
2012-05-29 12:31 . 2004-03-08 22:00        212240        ----a-w-        c:\windows\system32\richtx32.ocx
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 14:46 . 2011-12-08 05:08        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 11:43 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 07:36        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 07:36        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 07:36        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-04-25 07:30 . 2011-12-07 11:49        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472]
"Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
2010-01-21 10:32        2089472        ----a-w-        c:\program files\FeedReader30\feedreader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36        30040        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27        119152        ----a-w-        c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27        17351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27        762736        ----a-w-        c:\windows\vVX1000.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-19  15:34:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-19 13:34
ComboFix2.txt  2012-06-19 12:03
.
Vor Suchlauf: 9 Verzeichnis(se), 58.951.487.488 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 59.026.673.664 Bytes frei
.
- - End Of File - - E3896B8B879DD57A9FACE6280ED1D10C


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:34 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19