
Pests of all kinds and how to fight them: Rootkit scan (G-MER) finding!


23.11.2011, 14:29   #1
KingSkull

Rootkit scan (G-MER) finding!

Hello,

this is my first post, I hope I'm doing everything right.
Here's the situation: I just had G-MER run another check to see whether everything on my PC is OK, and it came up with these findings (error reports):

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-22 09:00:58
Windows 6.1.7600
Running: 07t6u2x0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619cd5466
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619cd5466 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Can anyone help me? I really have no experience with this :S

Thanks in advance,

Regards, KingSkull

23.11.2011, 19:56   #2
KingSkull

Please, I really need help...


25.11.2011, 09:04   #3
Chris4You

Hi,

that looks more like a Bluetooth service...
Why are you running a GMER scan, is there any reason for suspicion?

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates")
Full scan, and let it clean everything! Post the log.

OTL
Download OTL from Oldtimer (http://filepony.de/download-otl/) and save it to your desktop

* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you'll find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

chris

25.11.2011, 17:36   #4
KingSkull

Hey,

first of all, thanks for the reply. Yes, I did have a suspicion: when I downloaded a texture pack for Minecraft, Avira reported that I had probably picked up a virus, which I was able to remove again quickly with Avira. To make sure nothing else is on there, and no remnants of the virus, I ran GMER over it, and that is what came out.

In the meantime I have also run TrojanHunter (the trial version), and that turned up quite a bit too, which I don't understand, though:



Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Decay.140(201))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-eMachines.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Gateway.exe (TDSS.784(173))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-PackardBell.exe (TDSS.784(173))
Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Decay.140(201))
Found trojan file: C:\Program Files (x86)\Metin2\errorlog.exe (Genome.3902(193))
Found trojan file: C:\Program Files (x86)\Metin2\hshield\ahnrpt.exe (Murlo.346(189))
Found trojan file: C:\Program Files (x86)\WinRAR\Rar.exe (Virus.163(208))
Found trojan file: C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe (Plik.100(206))

e.g. Adobe isn't malware, is it?

So, can you maybe help me with this again?

Thanks in advance!

KingSkull
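The two log excerpts in this thread (the GMER BTHPORT entries that Chris4You reads as Bluetooth-related, and the TrojanHunter hits above) lend themselves to a small triage script. The following Python is an added example, not code from the thread or from either tool's authors. It parses both outputs, recognises the `BTHPORT\Parameters\Keys\<adapter address>` path as the place where Windows keeps the Bluetooth link keys of paired devices (the key is restricted to SYSTEM, which is why GMER lists it; on its own it is not a rootkit indicator), collapses TrojanHunter entries that differ only in filename case (NTFS is case-insensitive, so `Reader_sl.exe` and `reader_sl.exe` are the same file) and assigns a triage label. The labels (`expected-bluetooth-linkkeys`, `verify-signature`, `review`) and the path-based rules are this example's own convention, and the sample input is a re-typed subset of the lines posted in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the GMER and TrojanHunter lines posted in the thread.
GMER_SAMPLE = r"""GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-22 09:00:58
Windows 6.1.7600

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619cd5466
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619cd5466 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"""

TROJANHUNTER_SAMPLE = r"""Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Decay.140(201))
Found trojan file: C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe (TDSS.784(173))
Found trojan file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Decay.140(201))
Found trojan file: C:\Program Files (x86)\WinRAR\Rar.exe (Virus.163(208))
Found trojan file: C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe (Plik.100(206))
"""


@dataclass
class Finding:
    source: str   # "gmer" or "trojanhunter"
    path: str     # registry path or file path as reported by the tool
    detail: str   # GMER annotation or TrojanHunter detection name
    verdict: str  # triage label; the labels are this example's own convention


# Windows stores the link keys of paired Bluetooth devices under
# HKLM\SYSTEM\<ControlSet>\services\BTHPORT\Parameters\Keys\<local adapter address>.
# The key is ACL-restricted to SYSTEM, which is why GMER reports it.
BT_LINK_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\services\\BTHPORT"
    r"\\Parameters\\Keys\\[0-9a-f]{12}$",
    re.IGNORECASE,
)
# "Reg <path>" optionally followed by a parenthesised note such as "(not active ControlSet)".
GMER_REG_RE = re.compile(r"^Reg\s+(\S+)(?:\s+\((.*)\))?\s*$")
# "Found trojan file: <path> (<Family>.<n>(<m>))"; the detection-name shape keeps the
# non-greedy path match from stopping at "(x86)".
TH_FILE_RE = re.compile(r"^Found trojan file:\s+(.+?)\s+\(([A-Za-z]+\.\d+\(\d+\))\)\s*$")


def triage_gmer(text: str) -> list[Finding]:
    """Parse GMER 'Reg' lines and label the known Bluetooth link-key store as expected."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = GMER_REG_RE.match(line.strip())
        if not m:
            continue
        path, note = m.group(1), (m.group(2) or "")
        verdict = "expected-bluetooth-linkkeys" if BT_LINK_KEY_RE.match(path) else "review"
        findings.append(Finding("gmer", path, note, verdict))
    return findings


def triage_trojanhunter(text: str) -> list[Finding]:
    """Parse 'Found trojan file' lines, merge paths that differ only in case
    (NTFS is case-insensitive) and assign a triage label by location."""
    seen: dict[str, Finding] = {}
    for line in text.splitlines():
        m = TH_FILE_RE.match(line.strip())
        if not m:
            continue
        path, detection = m.group(1), m.group(2)
        key = path.lower()
        if key in seen:
            seen[key].detail += " (listed again with different case)"
            continue
        if "\\temp\\" in key:
            verdict = "review"  # transient location, no vendor to verify the file against
        elif key.startswith(("c:\\program files", "c:\\oem\\")):
            # Installed vendor software: check the Authenticode signature or the vendor's
            # published hash before treating the file as malware.
            verdict = "verify-signature"
        else:
            verdict = "review"
        seen[key] = Finding("trojanhunter", path, detection, verdict)
    return list(seen.values())


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per verdict for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_gmer(GMER_SAMPLE) + triage_trojanhunter(TROJANHUNTER_SAMPLE):
        print(f"[{f.source}] {f.verdict:28} {f.path}  {f.detail}")
```

The script deliberately does not delete anything: its output is a worklist in which the two Adobe lines collapse to one file, the OEM and Program Files entries are marked for signature verification, and only the file in a Temp directory is left as a plain "review" item.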

26.11.2011, 14:56   #5
Chris4You

Hello,

please do what is in my first post...

Additionally:
TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-t...tml#post640150
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; click "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

chris


27.11.2011, 09:09   #6
KingSkull

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8251

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.11.2011 09:01:50
mbam-log-2011-11-27 (09-01-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178048
Laufzeit: 11 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

So, that is what came out of this Malwarebytes run. What do you mean by signature files, and tab?

27.11.2011, 13:10   #7
Chris4You

Hi,

not Quick Scan, Full Scan... And post the remaining logs as well...

Chris


27.11.2011, 16:12   #8
KingSkull

OK

Not everything fits into one post; the results from Malwarebytes and TDSS will follow in the next one^^

OTL:

1.: OTL logfile:
OTL logfile created on: 27.11.2011 13:22:52 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Patrick\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 33,45% Memory free
7,35 Gb Paging File | 2,53 Gb Available in Paging File | 34,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 149,02 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
Drive D: | 226,27 Gb Total Space | 225,73 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 688,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\***\AppData\Roaming\eType\eTypeUpdate.exe (DSNR Labs)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avformat-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\avcodec-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\APPLIC~1\150874~1.120\gcswf32.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll ()
MOD - C:\Users\***\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b6a8747fc31bd7eb902b39f884665b21\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Users\***\AppData\Roaming\eType\MyZip.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5820tg&r=27361210v006l04c3z1i5t57l1k097
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ig?hl=de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.etypestart.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=697&product_id=730&affiliate_id=&channel=&toolbar_id=205&toolbar_version=2.3.0&install_country=DE&install_date=20110918&user_guid=DD7904DDE88C4BB78E09DA32512B8569&machine_id=977118642ec488b306c82aa264c1f767&browser=FF&os=win&os_version=6.1-x64-SP0"
FF - prefs.js..keyword.URL: "hxxp://www.etypestart.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=697&product_id=730&affiliate_id=&channel=&toolbar_id=205&toolbar_version=2.3.0&install_country=DE&install_date=20110918&user_guid=DD7904DDE88C4BB78E09DA32512B8569&machine_id=977118642ec488b306c82aa264c1f767&browser=FF&os=win&os_version=6.1-x64-SP0&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.11.18 17:57:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.05 15:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.16 22:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.22 08:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions
[2011.07.27 15:10:39 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.07.27 15:10:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4cb6g057.default\extensions\engine@conduit.com
[2011.09.18 19:20:06 | 000,001,391 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4cb6g057.default\searchplugins\yahoo-zugo.xml
[2011.11.18 16:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.18 16:54:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.18 17:57:24 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4CB6G057.DEFAULT\EXTENSIONS\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
[2011.07.08 08:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101227210912.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110717040257.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (Productivity 2.1 Toolbar) - {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Free Lunch Design TB Toolbar) - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll File not found
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Productivity 2.1 Toolbar) - {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design TB Toolbar) - {A5AE8924-4036-420F-B7F6-A47E4B8F692E} - C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity 2.1 Toolbar) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - C:\Program Files (x86)\Productivity_2.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKCU..\Run: [eType] C:\Users\***\AppData\Roaming\eType\eType.exe (DSNR Labs     )
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22F55A73-6191-44B6-AA4B-2111A417CD9A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.11.07 11:08:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{342898fb-c0ce-11df-9b46-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{342898fb-c0ce-11df-9b46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CD-Start.exe -- [2001.10.17 01:38:34 | 003,362,816 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.27 13:26:20 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.11.27 13:20:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.27 08:55:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrojanHunter
[2011.11.27 08:50:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.11.27 08:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.27 08:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.27 08:48:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.27 08:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.24 16:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2011.11.24 16:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2011.11.24 16:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2011.11.23 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.22 20:02:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Spawnergui_mod
[2011.11.22 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ModLoader
[2011.11.22 17:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.22 09:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.11.21 11:37:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Texturen
[2011.11.20 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.20 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.20 17:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.20 17:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.11.18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.18 16:54:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.18 16:54:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.18 16:54:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.17 19:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.11.05 15:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.05 15:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.27 13:25:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1771110696-1733054680-856737930-1000UA.job
[2011.11.27 13:20:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.11.27 13:19:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.27 12:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.27 08:53:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.27 08:48:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.26 17:35:47 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1771110696-1733054680-856737930-1000Core.job
[2011.11.24 16:44:26 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.24 16:44:22 | 000,001,009 | ---- | M] () -- C:\Users\***\Desktop\TrojanHunter.lnk
[2011.11.22 20:26:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.22 20:26:23 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.22 20:26:23 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.22 20:26:23 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.22 20:26:23 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.22 17:56:16 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 09:30:34 | 035,967,060 | ---- | M] () -- C:\Users\***\Desktop\minecraft-world1-010.zip
[2011.11.20 17:44:26 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.20 16:52:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 16:52:33 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 16:54:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.18 16:54:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.18 16:54:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.18 16:54:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.11.17 19:33:11 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 17:14:01 | 001,290,360 | ---- | M] () -- C:\Users\***\Documents\IMG_01112011_182437.png
[2011.11.05 17:47:32 | 000,182,687 | ---- | M] () -- C:\Users\***\Documents\IMG_05112011_174657.png
 
========== Files Created - No Company Name ==========
 
[2011.11.27 08:48:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.24 16:44:22 | 000,001,009 | ---- | C] () -- C:\Users\***\Desktop\TrojanHunter.lnk
[2011.11.24 16:44:01 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.22 17:56:16 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 09:31:58 | 035,967,060 | ---- | C] () -- C:\Users\***\Desktop\minecraft-world1-010.zip
[2011.11.22 07:42:46 | 001,287,168 | ---- | C] () -- C:\Users\***\Desktop\TileMaster.exe
[2011.11.20 17:44:26 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 17:13:38 | 001,290,360 | ---- | C] () -- C:\Users\Patrick\Documents\IMG_01112011_182437.png
[2011.11.05 17:47:25 | 000,182,687 | ---- | C] () -- C:\Users\Patrick\Documents\IMG_05112011_174657.png
[2011.07.28 15:29:30 | 000,003,584 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 22:57:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.26 16:02:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.23 17:08:40 | 000,000,807 | ---- | C] () -- C:\Windows\Ssc.INI
[2010.12.31 15:20:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2010.12.26 18:58:54 | 000,033,134 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.12.24 21:24:15 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.15 14:41:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.15 14:38:50 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.05.14 05:18:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.05.14 05:18:13 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.05.14 05:18:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.05.14 05:18:13 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.05.14 05:18:12 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.05.14 05:18:11 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.14 04:51:58 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Files - Unicode (All) ==========
[2011.07.17 21:37:03 | 004,138,996 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:47 | 000,000,165 | -H-- | M] ()(C:\Users\***\Documents\~$ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\~$ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:47 | 000,000,165 | -H-- | C] ()(C:\Users\***\Documents\~$ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\~$ROCKST★R Präsi Right!!.pptx
[2011.07.13 23:26:46 | 004,138,996 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R Präsi Right!!.pptx) -- C:\Users\***\Documents\ROCKST★R Präsi Right!!.pptx
[2011.07.13 18:34:17 | 003,670,111 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R.pptx) -- C:\Users\***\Documents\ROCKST★R.pptx
[2011.07.11 21:42:22 | 003,670,111 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R.pptx) -- C:\Users\***\Documents\ROCKST★R.pptx
[2011.07.11 21:41:52 | 001,724,293 | ---- | M] ()(C:\Users\***\Documents\ROCKST?R_Präsi.pptx) -- C:\Users\***\Documents\ROCKST★R_Präsi.pptx
[2011.07.11 19:22:20 | 001,724,293 | ---- | C] ()(C:\Users\***\Documents\ROCKST?R_Präsi.pptx) -- C:\Users\***\Documents\ROCKST★R_Präsi.pptx
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
--- --- ---

2.:OTL Logfile:
Code:
OTL Extras logfile created on: 27.11.2011 13:22:52 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 33,45% Memory free
7,35 Gb Paging File | 2,53 Gb Available in Paging File | 34,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,39 Gb Total Space | 149,02 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
Drive D: | 226,27 Gb Total Space | 225,73 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 688,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}" = FlatOut
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B43173-DC55-4616-B750-CB113A76C773}" = Atheros USB Wireless LAN Driver Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"Free_Lunch_Design_TB Toolbar" = Free Lunch Design TB Toolbar
"Guild Wars" = GUILD WARS
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{29F0D899-9614-4EB3-92A8-C9117FE9E405}" = Cobra 11 - Nitro
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Knight Rider 2" = Knight Rider 2
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"MSC" = McAfee Internet Security Suite
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Productivity_2.1 Toolbar" = Productivity 2.1 Toolbar
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Supercar Street Challenge" = Supercar Street Challenge
"TrojanHunter_is1" = TrojanHunter 5.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab 3GP Converter" = FoxTab 3GP Converter
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
 
Error - 20.11.2011 12:04:09 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4150
 
Error - 20.11.2011 12:04:10 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4150
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148
 
Error - 20.11.2011 12:04:11 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148
 
Error - 20.11.2011 12:04:12 | Computer Name = ***Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Media Center Events ]
Error - 10.08.2011 03:23:50 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 09:23:50 - Fehler beim Herstellen der Internetverbindung.  09:23:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.08.2011 03:24:13 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 09:23:55 - Fehler beim Herstellen der Internetverbindung.  09:23:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.08.2011 04:11:16 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 10:11:16 - Fehler beim Herstellen der Internetverbindung.  10:11:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.08.2011 04:11:25 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 10:11:21 - Fehler beim Herstellen der Internetverbindung.  10:11:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.08.2011 15:06:57 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 21:06:57 - Fehler beim Herstellen der Internetverbindung.  21:06:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.08.2011 15:10:51 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 21:07:12 - Fehler beim Herstellen der Internetverbindung.  21:07:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.08.2011 17:34:20 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 23:34:20 - Fehler beim Herstellen der Internetverbindung.  23:34:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.08.2011 17:34:27 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 23:34:25 - Fehler beim Herstellen der Internetverbindung.  23:34:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.08.2011 05:43:07 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 11:43:07 - Fehler beim Herstellen der Internetverbindung.  11:43:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.08.2011 12:56:20 | Computer Name = ***Laptop | Source = MCUpdate | ID = 0
Description = 18:54:26 - Fehler beim Herstellen der Internetverbindung.  18:54:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 21.11.2011 14:55:20 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 22.11.2011 14:44:44 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 22.11.2011 14:56:44 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 22.11.2011 15:29:14 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 24.11.2011 15:06:56 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 25.11.2011 11:29:28 | Computer Name = ***Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{22F55A73-6191-44B6-AA4B-2111A417CD9A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.11.2011 12:38:20 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 25.11.2011 14:59:11 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 26.11.2011 11:42:33 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
Error - 26.11.2011 12:36:13 | Computer Name = ***Laptop | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Alt 27.11.2011, 16:15   #9
KingSkull
 
Rootkit-Scan (G-MER) Fund!

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8251

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.11.2011 15:52:40
mbam-log-2011-11-27 (15-52-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 360436
Laufzeit: 2 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab 3GP Converter (Adware.InstallCore) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\foxtab3gpconverter\uninstall\uninstall.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

TDSS:
13:29:52.0278 11516 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:29:54.0280 11516 ============================================================
13:29:54.0280 11516 Current date / time: 2011/11/27 13:29:54.0280
13:29:54.0280 11516 SystemInfo:
13:29:54.0280 11516
13:29:54.0281 11516 OS Version: 6.1.7600 ServicePack: 0.0
13:29:54.0281 11516 Product type: Workstation
13:29:54.0281 11516 ComputerName: ***LAPTOP
13:29:54.0281 11516 UserName: Patrick
13:29:54.0281 11516 Windows directory: C:\Windows
13:29:54.0281 11516 System windows directory: C:\Windows
13:29:54.0281 11516 Running under WOW64
13:29:54.0281 11516 Processor architecture: Intel x64
13:29:54.0281 11516 Number of processors: 4
13:29:54.0281 11516 Page size: 0x1000
13:29:54.0281 11516 Boot type: Normal boot
13:29:54.0281 11516 ============================================================
13:29:56.0549 11516 Initialize success
13:30:04.0438 9968 ============================================================
13:30:04.0438 9968 Scan started
13:30:04.0438 9968 Mode: Manual;
13:30:04.0438 9968 ============================================================
13:30:06.0073 9968 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:30:06.0076 9968 1394ohci - ok
13:30:06.0424 9968 acedrv07 (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys
13:30:06.0426 9968 acedrv07 - ok
13:30:06.0651 9968 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:30:06.0655 9968 ACPI - ok
13:30:06.0892 9968 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:30:06.0893 9968 AcpiPmi - ok
13:30:07.0196 9968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:30:07.0203 9968 adp94xx - ok
13:30:07.0438 9968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:30:07.0447 9968 adpahci - ok
13:30:07.0586 9968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:30:07.0592 9968 adpu320 - ok
13:30:07.0805 9968 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:30:07.0811 9968 AFD - ok
13:30:07.0978 9968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:30:07.0979 9968 agp440 - ok
13:30:08.0156 9968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:30:08.0169 9968 aliide - ok
13:30:08.0323 9968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:30:08.0324 9968 amdide - ok
13:30:08.0680 9968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:30:08.0682 9968 AmdK8 - ok
13:30:09.0251 9968 amdkmdag (d3e6b2e1394d93fe9db0ba24814b0d8f) C:\Windows\system32\DRIVERS\atipmdag.sys
13:30:09.0622 9968 amdkmdag - ok
13:30:09.0888 9968 amdkmdap (cc4d915d786d3da973b2ea9b95d59a29) C:\Windows\system32\DRIVERS\atikmpag.sys
13:30:09.0891 9968 amdkmdap - ok
13:30:10.0205 9968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:30:10.0206 9968 AmdPPM - ok
13:30:10.0493 9968 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:30:10.0495 9968 amdsata - ok
13:30:10.0890 9968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:30:10.0895 9968 amdsbs - ok
13:30:11.0411 9968 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:30:11.0413 9968 amdxata - ok
13:30:11.0824 9968 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
13:30:11.0826 9968 AmUStor - ok
13:30:12.0336 9968 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:30:12.0338 9968 AppID - ok
13:30:12.0673 9968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:30:12.0675 9968 arc - ok
13:30:13.0031 9968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:30:13.0033 9968 arcsas - ok
13:30:13.0487 9968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:13.0488 9968 AsyncMac - ok
13:30:13.0939 9968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:30:13.0940 9968 atapi - ok
13:30:14.0474 9968 athr (70260c7c98cc0101316f5b2650c3bb44) C:\Windows\system32\DRIVERS\athrx.sys
13:30:14.0530 9968 athr - ok
13:30:14.0949 9968 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
13:30:14.0951 9968 AtiHdmiService - ok
13:30:15.0426 9968 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:30:15.0428 9968 avgntflt - ok
13:30:15.0931 9968 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
13:30:15.0933 9968 avipbb - ok
13:30:16.0253 9968 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:30:16.0254 9968 avkmgr - ok
13:30:16.0819 9968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:30:16.0826 9968 b06bdrv - ok
13:30:17.0356 9968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:30:17.0359 9968 b57nd60a - ok
13:30:18.0034 9968 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:30:18.0102 9968 BCM43XX - ok
13:30:18.0632 9968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:30:18.0633 9968 Beep - ok
13:30:19.0137 9968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:30:19.0139 9968 blbdrive - ok
13:30:19.0791 9968 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:30:19.0793 9968 bowser - ok
13:30:20.0213 9968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:30:20.0215 9968 BrFiltLo - ok
13:30:20.0569 9968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:30:20.0591 9968 BrFiltUp - ok
13:30:21.0169 9968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:30:21.0173 9968 Brserid - ok
13:30:21.0903 9968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:30:21.0904 9968 BrSerWdm - ok
13:30:22.0370 9968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:30:22.0372 9968 BrUsbMdm - ok
13:30:22.0981 9968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:30:23.0005 9968 BrUsbSer - ok
13:30:23.0504 9968 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:30:23.0506 9968 BthEnum - ok
13:30:24.0127 9968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:30:24.0130 9968 BTHMODEM - ok
13:30:25.0379 9968 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:30:25.0382 9968 BthPan - ok
13:30:26.0407 9968 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
13:30:26.0454 9968 BTHPORT - ok
13:30:27.0376 9968 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
13:30:27.0378 9968 BTHUSB - ok
13:30:29.0060 9968 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys
13:30:29.0062 9968 btwampfl - ok
13:30:29.0571 9968 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys
13:30:29.0573 9968 btwaudio - ok
13:30:30.0410 9968 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\DRIVERS\btwavdt.sys
13:30:30.0412 9968 btwavdt - ok
13:30:30.0961 9968 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:30:30.0962 9968 btwl2cap - ok
13:30:31.0502 9968 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
13:30:31.0504 9968 btwrchid - ok
13:30:32.0115 9968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:30:32.0117 9968 cdfs - ok
13:30:32.0495 9968 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:30:32.0498 9968 cdrom - ok
13:30:33.0381 9968 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
13:30:33.0383 9968 cfwids - ok
13:30:33.0725 9968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:30:33.0726 9968 circlass - ok
13:30:33.0962 9968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:30:33.0966 9968 CLFS - ok
13:30:34.0622 9968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:30:34.0623 9968 CmBatt - ok
13:30:35.0028 9968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:30:35.0030 9968 cmdide - ok
13:30:35.0706 9968 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:30:35.0711 9968 CNG - ok
13:30:36.0282 9968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:30:36.0283 9968 Compbatt - ok
13:30:36.0794 9968 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:30:36.0796 9968 CompositeBus - ok
13:30:37.0432 9968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:30:37.0433 9968 crcdisk - ok
13:30:38.0038 9968 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:30:38.0040 9968 DfsC - ok
13:30:38.0573 9968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:30:38.0575 9968 discache - ok
13:30:39.0242 9968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:30:39.0244 9968 Disk - ok
13:30:39.0552 9968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:30:39.0554 9968 drmkaud - ok
13:30:40.0560 9968 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
13:30:40.0604 9968 DXGKrnl - ok
13:30:41.0414 9968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:30:41.0691 9968 ebdrv - ok
13:30:42.0225 9968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:30:42.0260 9968 elxstor - ok
13:30:42.0757 9968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:30:42.0758 9968 ErrDev - ok
13:30:43.0213 9968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:30:43.0216 9968 exfat - ok
13:30:43.0483 9968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:30:43.0494 9968 fastfat - ok
13:30:44.0160 9968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:30:44.0162 9968 fdc - ok
13:30:44.0801 9968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:30:44.0803 9968 FileInfo - ok
13:30:45.0212 9968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:30:45.0214 9968 Filetrace - ok
13:30:45.0709 9968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:45.0710 9968 flpydisk - ok
13:30:46.0089 9968 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:30:46.0093 9968 FltMgr - ok
13:30:46.0546 9968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:30:46.0548 9968 FsDepends - ok
13:30:47.0035 9968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:30:47.0036 9968 Fs_Rec - ok
13:30:47.0652 9968 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:30:47.0655 9968 fvevol - ok
13:30:48.0096 9968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:30:48.0098 9968 gagp30kx - ok
13:30:48.0710 9968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:30:48.0712 9968 GEARAspiWDM - ok
13:30:49.0430 9968 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:30:49.0433 9968 hamachi - ok
13:30:49.0998 9968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:30:49.0999 9968 hcw85cir - ok
13:30:50.0579 9968 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:30:50.0584 9968 HdAudAddService - ok
13:30:51.0059 9968 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:30:51.0061 9968 HDAudBus - ok
13:30:51.0603 9968 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
13:30:51.0605 9968 HECIx64 - ok
13:30:51.0799 9968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:30:51.0801 9968 HidBatt - ok
13:30:52.0181 9968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:30:52.0183 9968 HidBth - ok
13:30:52.0528 9968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:30:52.0529 9968 HidIr - ok
13:30:52.0860 9968 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:30:52.0861 9968 HidUsb - ok
13:30:53.0387 9968 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:30:53.0389 9968 HpSAMD - ok
13:30:54.0123 9968 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:30:54.0143 9968 HTTP - ok
13:30:54.0494 9968 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:30:54.0495 9968 hwpolicy - ok
13:30:54.0893 9968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:30:54.0895 9968 i8042prt - ok
13:30:55.0396 9968 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
13:30:55.0401 9968 iaStor - ok
13:30:56.0057 9968 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:30:56.0088 9968 iaStorV - ok
13:30:56.0380 9968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:30:56.0383 9968 iirsp - ok
13:30:56.0910 9968 IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
13:30:57.0376 9968 IntcAzAudAddService - ok
13:30:57.0836 9968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:30:57.0838 9968 intelide - ok
13:30:58.0813 9968 intelkmd (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:30:59.0005 9968 intelkmd - ok
13:30:59.0202 9968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:30:59.0204 9968 intelppm - ok
13:30:59.0340 9968 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:59.0342 9968 IpFilterDriver - ok
13:30:59.0631 9968 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:30:59.0633 9968 IPMIDRV - ok
13:31:00.0210 9968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:31:00.0212 9968 IPNAT - ok
13:31:00.0704 9968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:31:00.0725 9968 IRENUM - ok
13:31:01.0001 9968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:31:01.0003 9968 isapnp - ok
13:31:01.0487 9968 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:31:01.0491 9968 iScsiPrt - ok
13:31:01.0893 9968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:01.0894 9968 kbdclass - ok
13:31:02.0236 9968 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:02.0268 9968 kbdhid - ok
13:31:02.0596 9968 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:31:02.0606 9968 KSecDD - ok
13:31:03.0332 9968 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:31:03.0335 9968 KSecPkg - ok
13:31:03.0915 9968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:31:03.0937 9968 ksthunk - ok
13:31:04.0300 9968 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:31:04.0302 9968 L1C - ok
13:31:04.0652 9968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:04.0654 9968 lltdio - ok
13:31:05.0148 9968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:31:05.0150 9968 LSI_FC - ok
13:31:05.0368 9968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:31:05.0370 9968 LSI_SAS - ok
13:31:05.0769 9968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:31:05.0771 9968 LSI_SAS2 - ok
13:31:06.0206 9968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:31:06.0208 9968 LSI_SCSI - ok
13:31:06.0844 9968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:31:06.0847 9968 luafv - ok
13:31:07.0455 9968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:31:07.0465 9968 megasas - ok
13:31:07.0762 9968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:31:07.0766 9968 MegaSR - ok
13:31:08.0070 9968 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
13:31:08.0073 9968 mfeapfk - ok
13:31:08.0414 9968 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
13:31:08.0416 9968 mfeavfk - ok
13:31:08.0672 9968 mfeavfk01 - ok
13:31:09.0224 9968 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
13:31:09.0256 9968 mfefirek - ok
13:31:09.0655 9968 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
13:31:09.0662 9968 mfehidk - ok
13:31:10.0180 9968 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:31:10.0182 9968 mfenlfk - ok
13:31:10.0440 9968 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
13:31:10.0442 9968 mferkdet - ok
13:31:10.0822 9968 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
13:31:10.0877 9968 mfewfpk - ok
13:31:11.0242 9968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:31:11.0243 9968 Modem - ok
13:31:11.0674 9968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:31:11.0675 9968 monitor - ok
13:31:12.0020 9968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:12.0022 9968 mouclass - ok
13:31:12.0531 9968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:12.0533 9968 mouhid - ok
13:31:13.0190 9968 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:31:13.0209 9968 mountmgr - ok
13:31:13.0529 9968 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:31:13.0531 9968 mpio - ok
13:31:13.0846 9968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:31:13.0847 9968 mpsdrv - ok
13:31:14.0232 9968 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:31:14.0235 9968 MRxDAV - ok
13:31:14.0595 9968 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:14.0598 9968 mrxsmb - ok
13:31:14.0992 9968 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:15.0036 9968 mrxsmb10 - ok
13:31:15.0314 9968 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:15.0317 9968 mrxsmb20 - ok
13:31:15.0809 9968 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:31:15.0810 9968 msahci - ok
13:31:16.0438 9968 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:31:16.0460 9968 msdsm - ok
13:31:16.0957 9968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:31:16.0960 9968 Msfs - ok
13:31:17.0260 9968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:31:17.0261 9968 mshidkmdf - ok
13:31:17.0526 9968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:31:17.0528 9968 msisadrv - ok
13:31:17.0942 9968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:17.0944 9968 MSKSSRV - ok
13:31:18.0331 9968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:18.0333 9968 MSPCLOCK - ok
13:31:18.0620 9968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:31:18.0626 9968 MSPQM - ok
13:31:19.0064 9968 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:31:19.0083 9968 MsRPC - ok
13:31:19.0351 9968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:19.0353 9968 mssmbios - ok
13:31:19.0586 9968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:31:19.0587 9968 MSTEE - ok
13:31:19.0876 9968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:31:19.0877 9968 MTConfig - ok
13:31:20.0176 9968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:31:20.0187 9968 Mup - ok
13:31:20.0491 9968 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:31:20.0493 9968 mwlPSDFilter - ok
13:31:20.0939 9968 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:31:20.0941 9968 mwlPSDNServ - ok
13:31:21.0267 9968 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:31:21.0269 9968 mwlPSDVDisk - ok
13:31:21.0687 9968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:21.0692 9968 NativeWifiP - ok
13:31:22.0391 9968 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:31:22.0402 9968 NDIS - ok
13:31:22.0835 9968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:31:22.0837 9968 NdisCap - ok
13:31:23.0141 9968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:23.0143 9968 NdisTapi - ok
13:31:23.0554 9968 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:23.0555 9968 Ndisuio - ok
13:31:23.0837 9968 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:23.0839 9968 NdisWan - ok
13:31:24.0132 9968 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:31:24.0133 9968 NDProxy - ok
13:31:24.0466 9968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:31:24.0467 9968 NetBIOS - ok
13:31:24.0873 9968 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:31:24.0877 9968 NetBT - ok
13:31:25.0139 9968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:31:25.0141 9968 nfrd960 - ok
13:31:25.0477 9968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:31:25.0480 9968 Npfs - ok
13:31:26.0011 9968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:31:26.0012 9968 nsiproxy - ok
13:31:26.0431 9968 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:31:26.0449 9968 Ntfs - ok
13:31:26.0814 9968 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:31:26.0816 9968 NTIDrvr - ok
13:31:27.0183 9968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:31:27.0185 9968 Null - ok
13:31:27.0587 9968 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:31:27.0589 9968 nvraid - ok
13:31:27.0885 9968 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:31:27.0887 9968 nvstor - ok
13:31:28.0223 9968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:31:28.0225 9968 nv_agp - ok
13:31:28.0517 9968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:31:28.0518 9968 ohci1394 - ok
13:31:28.0957 9968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:31:28.0959 9968 Parport - ok
13:31:29.0293 9968 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:31:29.0295 9968 partmgr - ok
13:31:29.0569 9968 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:31:29.0572 9968 pci - ok
13:31:29.0829 9968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:31:29.0830 9968 pciide - ok
13:31:30.0249 9968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:31:30.0284 9968 pcmcia - ok
13:31:30.0779 9968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:31:30.0781 9968 pcw - ok
13:31:30.0955 9968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:31:30.0963 9968 PEAUTH - ok
13:31:31.0483 9968 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:31.0485 9968 PptpMiniport - ok
13:31:31.0765 9968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:31:31.0766 9968 Processor - ok
13:31:32.0036 9968 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:31:32.0038 9968 Psched - ok
13:31:32.0421 9968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:31:32.0477 9968 ql2300 - ok
13:31:32.0742 9968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:31:32.0745 9968 ql40xx - ok
13:31:33.0115 9968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:31:33.0116 9968 QWAVEdrv - ok
13:31:33.0375 9968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:33.0377 9968 RasAcd - ok
13:31:33.0782 9968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:31:33.0784 9968 RasAgileVpn - ok
13:31:34.0117 9968 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:34.0119 9968 Rasl2tp - ok
13:31:34.0502 9968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:34.0505 9968 RasPppoe - ok
13:31:34.0762 9968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:34.0767 9968 RasSstp - ok
13:31:35.0189 9968 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:35.0193 9968 rdbss - ok
13:31:35.0503 9968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:31:35.0504 9968 rdpbus - ok
13:31:35.0798 9968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:35.0799 9968 RDPCDD - ok
13:31:36.0156 9968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:31:36.0158 9968 RDPENCDD - ok
13:31:36.0669 9968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:31:36.0671 9968 RDPREFMP - ok
13:31:37.0007 9968 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:31:37.0010 9968 RDPWD - ok
13:31:37.0403 9968 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:31:37.0421 9968 rdyboost - ok
13:31:37.0834 9968 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:31:37.0836 9968 RFCOMM - ok
13:31:38.0148 9968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:38.0150 9968 rspndr - ok
13:31:38.0529 9968 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:31:38.0532 9968 sbp2port - ok
13:31:38.0790 9968 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:31:38.0792 9968 scfilter - ok
13:31:39.0148 9968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:31:39.0150 9968 secdrv - ok
13:31:39.0524 9968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:31:39.0526 9968 Serenum - ok
13:31:40.0138 9968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:31:40.0140 9968 Serial - ok
13:31:40.0538 9968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:31:40.0540 9968 sermouse - ok
13:31:41.0008 9968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:31:41.0010 9968 sffdisk - ok
13:31:41.0232 9968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:31:41.0234 9968 sffp_mmc - ok
13:31:41.0580 9968 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:31:41.0581 9968 sffp_sd - ok
13:31:41.0751 9968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:31:41.0753 9968 sfloppy - ok
13:31:42.0009 9968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:31:42.0019 9968 SiSRaid2 - ok
13:31:42.0243 9968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:31:42.0245 9968 SiSRaid4 - ok
13:31:42.0613 9968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:31:42.0615 9968 Smb - ok
13:31:42.0976 9968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:31:42.0978 9968 spldr - ok
13:31:43.0504 9968 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:31:43.0555 9968 srv - ok
13:31:43.0990 9968 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:31:44.0169 9968 srv2 - ok
13:31:44.0549 9968 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:31:44.0551 9968 srvnet - ok
13:31:44.0817 9968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:31:44.0818 9968 stexstor - ok
13:31:45.0100 9968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:31:45.0102 9968 swenum - ok
13:31:45.0736 9968 SynTP (ce9b5a79aee330bc7e88c0441e5727bb) C:\Windows\system32\DRIVERS\SynTP.sys
13:31:45.0740 9968 SynTP - ok
13:31:46.0381 9968 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
13:31:46.0433 9968 Tcpip - ok
13:31:47.0038 9968 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
13:31:47.0084 9968 TCPIP6 - ok
13:31:47.0343 9968 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:31:47.0344 9968 tcpipreg - ok
13:31:47.0604 9968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:31:47.0606 9968 TDPIPE - ok
13:31:47.0826 9968 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:31:47.0828 9968 TDTCP - ok
13:31:48.0122 9968 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:31:48.0125 9968 tdx - ok
13:31:48.0667 9968 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:31:48.0669 9968 TermDD - ok
13:31:48.0901 9968 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:48.0904 9968 tssecsrv - ok
13:31:49.0204 9968 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:31:49.0207 9968 tunnel - ok
13:31:49.0459 9968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:31:49.0462 9968 uagp35 - ok
13:31:49.0782 9968 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
13:31:49.0784 9968 UBHelper - ok
13:31:50.0246 9968 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:31:50.0251 9968 udfs - ok
13:31:50.0636 9968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:31:50.0638 9968 uliagpkx - ok
13:31:50.0905 9968 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:31:50.0907 9968 umbus - ok
13:31:51.0204 9968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:31:51.0205 9968 UmPass - ok
13:31:51.0493 9968 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:31:51.0495 9968 USBAAPL64 - ok
13:31:51.0983 9968 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
13:31:51.0985 9968 usbccgp - ok
13:31:52.0176 9968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:31:52.0178 9968 usbcir - ok
13:31:52.0469 9968 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
13:31:52.0471 9968 usbehci - ok
13:31:52.0940 9968 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
13:31:52.0994 9968 usbhub - ok
13:31:53.0295 9968 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
13:31:53.0297 9968 usbohci - ok
13:31:53.0555 9968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:31:53.0557 9968 usbprint - ok
13:31:53.0872 9968 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:31:53.0874 9968 USBSTOR - ok
13:31:54.0222 9968 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
13:31:54.0224 9968 usbuhci - ok
13:31:54.0627 9968 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:31:54.0630 9968 usbvideo - ok
13:31:55.0122 9968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:31:55.0124 9968 vdrvroot - ok
13:31:55.0478 9968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:31:55.0479 9968 vga - ok
13:31:55.0900 9968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:31:55.0902 9968 VgaSave - ok
13:31:56.0262 9968 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:31:56.0265 9968 vhdmp - ok
13:31:56.0573 9968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:31:56.0580 9968 viaide - ok
13:31:56.0842 9968 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:31:56.0844 9968 volmgr - ok
13:31:57.0093 9968 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:31:57.0098 9968 volmgrx - ok
13:31:57.0463 9968 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:31:57.0468 9968 volsnap - ok
13:31:57.0800 9968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:31:57.0803 9968 vsmraid - ok
13:31:58.0135 9968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:31:58.0137 9968 vwifibus - ok
13:31:58.0476 9968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:31:58.0489 9968 vwififlt - ok
13:31:58.0812 9968 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:31:58.0814 9968 vwifimp - ok
13:31:59.0113 9968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:31:59.0114 9968 WacomPen - ok
13:31:59.0542 9968 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0550 9968 WANARP - ok
13:31:59.0620 9968 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:31:59.0621 9968 Wanarpv6 - ok
13:31:59.0979 9968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:31:59.0982 9968 Wd - ok
13:32:00.0249 9968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:32:00.0257 9968 Wdf01000 - ok
13:32:00.0548 9968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:00.0549 9968 WfpLwf - ok
13:32:00.0836 9968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:32:00.0838 9968 WIMMount - ok
13:32:01.0230 9968 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:01.0232 9968 WinUsb - ok
13:32:01.0489 9968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:32:01.0490 9968 WmiAcpi - ok
13:32:01.0822 9968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:01.0824 9968 ws2ifsl - ok
13:32:02.0235 9968 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:32:02.0237 9968 WudfPf - ok
13:32:02.0465 9968 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:02.0469 9968 WUDFRd - ok
13:32:02.0577 9968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:32:02.0604 9968 \Device\Harddisk0\DR0 - ok
13:32:02.0606 9968 Boot (0x1200) (837d64a5a2b8be1889f00de22681a90e) \Device\Harddisk0\DR0\Partition0
13:32:02.0607 9968 \Device\Harddisk0\DR0\Partition0 - ok
13:32:02.0630 9968 Boot (0x1200) (727fdee3706a6154be0c1780182cf823) \Device\Harddisk0\DR0\Partition1
13:32:02.0631 9968 \Device\Harddisk0\DR0\Partition1 - ok
13:32:02.0683 9968 Boot (0x1200) (0b7b7ae9a5e566fad94852efe0cb9e59) \Device\Harddisk0\DR0\Partition2
13:32:02.0685 9968 \Device\Harddisk0\DR0\Partition2 - ok
13:32:02.0685 9968 ============================================================
13:32:02.0685 9968 Scan finished
13:32:02.0685 9968 ============================================================
13:32:02.0691 12416 Detected object count: 0
13:32:02.0691 12416 Actual detected object count: 0
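
The TDSSKiller driver listing above is easier to work with in machine-readable form. As an added example (not part of this thread, and not a TDSSKiller or GMER tool), the following Python parses lines in exactly that format, pairs each detail line with the verdict line that follows it, and flags three things a helper would look at: a verdict other than "ok", a service that has a verdict but no image path or hash in the log (mfeavfk01 above), and an image loaded from outside the Windows directory. It also produces the unique MD5 list, which VirusTotal's search accepts directly, so nothing has to be uploaded. The sample input is an excerpt of the log posted above plus two constructed lines (tmpdrv) that exercise the flags; the verdict wording "suspicious" and the default system root are assumptions.

```python
"""Parse TDSSKiller-style driver listing lines and flag entries that deserve a second look.
Added example; not a TDSSKiller/GMER tool. Line formats are taken from the log above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Detail line: time, pid, service name, (MD5 of the image), image path
DETAIL_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# MBR / boot sector line: an extra (size) group sits before the hash and the target is a device
SECTOR_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<kind>MBR|Boot)\s+"
    r"\((?P<size>0x[0-9A-Fa-f]+)\)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<device>\S+)$"
)
# Verdict line that follows a detail/sector line: "<name or device> - ok"
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str                      # service name, or device path for MBR/boot sectors
    md5: Optional[str] = None
    path: Optional[str] = None     # image path, or an "MBR 0x1B8" style label for sectors
    status: Optional[str] = None   # verdict text after " - "
    is_sector: bool = False


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair every detail/sector line with its verdict line, keyed by service name or device."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            e = entries.setdefault(m["device"], Entry(name=m["device"], is_sector=True))
            e.md5, e.path = m["md5"].lower(), f"{m['kind']} {m['size']}"
            continue
        m = DETAIL_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(name=m["name"])).status = m["status"]
        # banner, "Scan finished" and counter lines match nothing and are skipped
    return entries


def find_anomalies(entries: Dict[str, Entry], system_root: str = r"C:\Windows") -> List[str]:
    """One note per finding. system_root is an assumption; pass the real %systemroot% if it differs."""
    root = system_root.lower().rstrip("\\") + "\\"
    notes: List[str] = []
    for e in entries.values():
        if e.status is None:
            notes.append(f"{e.name}: no verdict line")
        elif e.status.lower() != "ok":
            notes.append(f"{e.name}: verdict '{e.status}'")
        if e.path is None:
            notes.append(f"{e.name}: verdict present but no image path or hash in the log")
        elif not e.is_sector and not e.path.lower().startswith(root):
            notes.append(f"{e.name}: image outside {system_root}: {e.path}")
    return notes


def md5_lookup_list(entries: Dict[str, Entry]) -> List[str]:
    """Unique MD5s, sorted: paste them one by one into VirusTotal's hash search, no upload needed."""
    return sorted({e.md5 for e in entries.values() if e.md5})


# Excerpt of the log posted above (real lines from this thread)
LOG_EXCERPT = r"""
13:30:43.0483 9968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:30:43.0494 9968 fastfat - ok
13:31:08.0414 9968 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
13:31:08.0416 9968 mfeavfk - ok
13:31:08.0672 9968 mfeavfk01 - ok
13:31:46.0381 9968 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
13:31:46.0433 9968 Tcpip - ok
13:32:02.0577 9968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:32:02.0604 9968 \Device\Harddisk0\DR0 - ok
13:32:02.0606 9968 Boot (0x1200) (837d64a5a2b8be1889f00de22681a90e) \Device\Harddisk0\DR0\Partition0
13:32:02.0607 9968 \Device\Harddisk0\DR0\Partition0 - ok
13:32:02.0685 9968 ============================================================
13:32:02.0685 9968 Scan finished
13:32:02.0691 12416 Detected object count: 0
"""
# Two constructed lines (not from the thread): a driver loaded from a temp folder with a
# non-"ok" verdict. The verdict wording is invented; the parser treats anything but "ok" as a hit.
CONSTRUCTED = r"""
13:32:03.0000 9968 tmpdrv (d41d8cd98f00b204e9800998ecf8427e) C:\Users\Patrick\AppData\Local\Temp\tmpdrv.sys
13:32:03.0001 9968 tmpdrv - suspicious
"""
SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for note in find_anomalies(parsed):
        print(note)
    print("MD5s for VirusTotal lookup:", ", ".join(md5_lookup_list(parsed)))
```

On the excerpt alone the only finding is mfeavfk01 (a McAfee service with a verdict but no image in the log); the constructed tmpdrv lines add a non-"ok" verdict and an out-of-tree image. Two services sharing one hash (Tcpip/TCPIP6, WANARP/Wanarpv6 in the full log) is normal and is deliberately not flagged.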

27.11.2011, 18:53   #10
Chris4You

Hi,

Please check the following files:

Have the files checked online:
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:
C:\ProgramData\FullRemove.exe
C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe
C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe

  • Now upload each file, one after the other, and wait until the scan is finished (can take up to 2 minutes).
  • Then post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
C:\WINDOWS\system32\5035\components\AcroFF0356.dll
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

  • Click the red "Run Fixes!" button.
  • Copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Also check the MBR...
MBR rootkit
Download GMER's MBR rootkit scanner to your boot drive:
http://www2.gmer.net/mbr/mbr.exe
Remember the directory you downloaded it to;
Start -> Run -> cmd
change to the download directory and start the program by typing mbr...
Attention! Vista and Win7 users must run mbr.exe as "Administrator". For that the console needs admin rights; the easiest way is to create a shortcut on the desktop as follows: right-click the desktop, New -> Shortcut, target: C:\Windows\System32\cmd.exe, enter a name, Finish. Then right-click the newly created shortcut, choose "Run as administrator", confirm the UAC prompt, change to the directory as described above and start mbr.exe.

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)
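
The post above asks for the file size and hash alongside each VirusTotal result. The following Python is an illustration added here, not code from the thread, from VirusTotal or from OTL: it computes the size and the MD5/SHA-1/SHA-256 of each listed file in the same form VirusTotal prints them, reports a file that is missing or unreadable instead of crashing (the "not found" case a user hits when a path is wrong or hidden files are not shown), and checks a VirusTotal report's hashes against the local file so you know the report really describes the file on your disk. Any of those hashes can also be pasted into VirusTotal's search box to find an existing report without uploading. FILES_TO_CHECK holds the three paths from the post; the demo file content is constructed so the example runs on any machine.

```python
"""Size + MD5/SHA-1/SHA-256 of files, in the form VirusTotal reports them.
Added example; not code from the thread, VirusTotal or OTL."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Optional

# The three files named in the post above (paths as posted; they exist only on the affected machine)
FILES_TO_CHECK = [
    r"C:\ProgramData\FullRemove.exe",
    r"C:\OEM\Preload\Autorun\APP\Norton Online Backup\OnlineBackupARASetup-Acer.exe",
    r"C:\Users\Patrick\AppData\Local\Temp\FUJIFILM\Updater\terminate.exe",
]


def hash_file(path: str, chunk_size: int = 1 << 20) -> Optional[Dict[str, object]]:
    """Return {'path', 'size', 'md5', 'sha1', 'sha256'}, or None if the file is missing or unreadable.
    The file is read in 1 MiB chunks so a large installer does not have to fit in memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                for d in digests.values():
                    d.update(chunk)
    except OSError:          # ENOENT, EACCES, path is a directory, ...
        return None
    record: Dict[str, object] = {"path": path, "size": size}
    record.update({name: d.hexdigest() for name, d in digests.items()})
    return record


def report(paths: Iterable[str]) -> List[str]:
    """One line per path, ready to paste into the reply; missing files are reported, not skipped."""
    lines: List[str] = []
    for p in paths:
        rec = hash_file(p)
        if rec is None:
            lines.append(f"{p}: not found or not readable (check the path and that hidden files are shown)")
        else:
            lines.append(
                f"{rec['path']}  size={rec['size']}  MD5={rec['md5']}  SHA1={rec['sha1']}  SHA256={rec['sha256']}"
            )
    return lines


def matches_vt_report(rec: Dict[str, object], vt_md5: str, vt_sha1: str, vt_sha256: str) -> bool:
    """True when the local file is byte-identical to the sample a VirusTotal report describes."""
    return (rec["md5"], rec["sha1"], rec["sha256"]) == (vt_md5.lower(), vt_sha1.lower(), vt_sha256.lower())


def demo_record() -> Dict[str, object]:
    """Hash a constructed 5-byte file in a temporary directory so the example runs on any machine."""
    with tempfile.TemporaryDirectory() as tmp:
        demo_path = os.path.join(tmp, "demo.exe")
        with open(demo_path, "wb") as fh:
            fh.write(b"hello")                      # constructed content, not a real sample
        return hash_file(demo_path)


if __name__ == "__main__":
    rec = demo_record()
    print(f"demo.exe  size={rec['size']}  MD5={rec['md5']}  SHA1={rec['sha1']}  SHA256={rec['sha256']}")
    for line in report(FILES_TO_CHECK):     # "not found" unless run on the affected PC
        print(line)
```

On a recent Windows the built-in PowerShell cmdlet Get-FileHash (with -Algorithm MD5/SHA1/SHA256) gives the same digests; the Windows 7 machine in this thread ships with an older PowerShell that lacks it, which is why a stand-alone script is handy.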

27.11.2011, 19:27   #11
KingSkull

A couple of questions :s

So: "show hidden files" (only do step 1!) I've done, but at Virustotal, do you mean the search button? Because when I pasted that in there, only some posts or something came up...

Then the OTL thing: am I supposed to create the folder? Because there is no such folder on my system -.-

And then the GMER thing:
As I said, I'm inexperienced: what is the boot drive?

Thanks again for all the patience with me

28.11.2011, 07:52   #12
Chris4You

Hi,

At virustotal, either use the "Browse" button to navigate to the files (one after the other), upload them and have them checked, or copy the complete file name with path (e.g. C:\ProgramData\FullRemove.exe) into the input field...

OTL:
You mean this path: %systemroot%\_OTL. OTL creates it automatically; %systemroot% is automatically resolved to C:\windows, or wherever else you installed your Windows system.

Boot drive:
The hard disk where the operating system (Windows) lives and whose MBR (master boot block) is used to (re)load the operating system...
Should be C:...

chris

28.11.2011, 15:14   #13
KingSkull

no. 1:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: FullRemove.exe
Submission date: 2011-11-28 13:36:12 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.11.27.00 2011.11.27 -
AntiVir 7.11.18.87 2011.11.28 -
Antiy-AVL 2.0.3.7 2011.11.28 -
Avast 6.0.1289.0 2011.11.28 -
AVG 10.0.0.1190 2011.11.28 -
BitDefender 7.2 2011.11.28 -
ByteHero 1.0.0.1 2011.11.14 -
CAT-QuickHeal 12.00 2011.11.28 -
ClamAV 0.97.3.0 2011.11.28 -
Commtouch 5.3.2.6 2011.11.28 -
Comodo 10791 2011.11.27 -
DrWeb 5.0.2.03300 2011.11.28 -
Emsisoft 5.1.0.11 2011.11.28 -
eSafe 7.0.17.0 2011.11.27 -
eTrust-Vet 37.0.9590 2011.11.28 -
F-Prot 4.6.5.141 2011.11.27 -
F-Secure 9.0.16440.0 2011.11.28 -
Fortinet 4.3.370.0 2011.11.27 -
GData 22.289/22.535 2011.11.28 -
Ikarus T3.1.1.109.0 2011.11.28 -
Jiangmin 13.0.900 2011.11.27 -
K7AntiVirus 9.119.5542 2011.11.25 -
Kaspersky 9.0.0.837 2011.11.28 -
McAfee 5.400.0.1158 2011.11.28 -
McAfee-GW-Edition 2010.1D 2011.11.28 -
Microsoft 1.7801 2011.11.28 -
NOD32 6666 2011.11.28 -
Norman 6.07.13 2011.11.28 -
nProtect 2011-11-28.02 2011.11.28 -
Panda 10.0.3.5 2011.11.27 -
PCTools 8.0.0.5 2011.11.28 -
Prevx 3.0 2011.11.28 -
Rising 23.86.00.01 2011.11.28 -
Sophos 4.71.0 2011.11.28 -
SUPERAntiSpyware 4.40.0.1006 2011.11.26 -
Symantec 20111.2.0.82 2011.11.28 -
TheHacker 6.7.0.1.350 2011.11.27 -
TrendMicro 9.500.0.1008 2011.11.28 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 -
VBA32 3.12.16.4 2011.11.28 -
VIPRE 11169 2011.11.28 -
ViRobot 2011.11.28.4797 2011.11.28 -
VirusBuster 14.1.88.0 2011.11.28 -
Additional information
MD5 : 6acbd475647d7a160657cb3e460f0f35
SHA1 : 9cb602e7fe4ccbbc30bd8aa242ed6082f06f13e4
SHA256: 0491aeac13250fc36ecc8d875884665143c194a89c5f6a42001034bc068cec28

No. 2:

File name: OnlineBackupARASetup-Acer.exe
Submission date: 2011-11-28 13:49:42 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5 : 281bf795ce5570d5404a718b9ae05794
SHA1 : 0e2e57f472947890296a94d904ba826294fe7387
SHA256: 36a9c78a4286a490ab898294d84a3295d53c42b0f7fc10360964ab64357cbcf0

and No. 3:

File name: terminate.exe
Submission date: 2011-11-28 13:58:29 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
MD5 : 6f23b2f9714b23498278876d45d1bfab
SHA1 : 226322f928538017cb3e7eb1a13447c265e9ba00
SHA256: 13c4423a5856796eaefeadb060a46988b37eea7736aa0c807d7054d0474cb117

Okay, everything else you said I have done (for OTL, does a text file from Word work, or should I use Editor? For now I used Word..)

The mbr.exe then closed itself again; I hope I did everything right.

Regards

Old 29.11.2011, 07:24   #14
Chris4You
 



Hi,

a text editor is enough...

In the directory where mbr.exe is located you will find the log;
post it in the thread.

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Old 29.11.2011, 16:37   #15
KingSkull
 



Okay, I turned it into a text document, and this is the mbr log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read Das Handle ist ungültig.
kernel: error reading MBR

Regards
