| |
| |||||||
Log-Analyse und Auswertung: Trojan.FakeAlertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.12.2011, 20:05
| #1 |
 |  Trojan.FakeAlert Hallo Leute, Ich hab seit letzter Woche ca. 1-4 mal Täglich seltsame "Warntöne". Auf Youtube habe ich nichts gefunden, was so klingt, man kann sich das aber wie ein Normaler eintöniger Ton vorstellen. Etwa so: pööp,pööp,pööp,pööp,pause,pause,pööp. Dannach ist wieder Ruhe. Ich kann meinen Computer normal benutzen, also scheinbar keine Scareware, oder nur Funscareware. Ich hab mal Malwarebytes durchscannen lassen, das hat im Gegensatz zu Gdata auch etwas gefunden: trojan.fakealert (klingt irgendwie naheliegend  )Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/21/2011 8:03:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
7.98 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.52% Memory free
15.96 Gb Paging File | 13.07 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.26 Gb Total Space | 442.73 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ERIC-HARDCOREPC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{818B5BB8-26AB-4FD7-A793-220EE0C158C3}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B0B2F7-1853-464D-B520-CA08F9CA8002}" = Smart Technology Programming Software 7.0.0.26
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C011E1C5-86F7-4EEB-B7E6-0C367CED97B2}" = Windows Live UX Platform Language Pack
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F686C148-CBAE-483D-92CE-B4D6913BDD77}" = LevelR
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"Black Prophecy_is1" = Black Prophecy
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"GamersFirst LIVE!" = GamersFirst LIVE!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HydraIRC" = HydraIRC
"Impulse" = Impulse
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Sins of a Solar Empire" = Sins of a Solar Empire
"Star Assault" = Star Assault
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 10680" = Aliens vs. Predator
"Steam App 107200" = Space Pirates and Zombies
"Steam App 109700" = Achron
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12800" = FUEL
"Steam App 15560" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
"Steam App 201290" = Sins of a Solar Empire: Trinity
"Steam App 201310" = X3: Albion Prelude
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 38830" = Crimecraft: BLEEDOUT
"Steam App 40100" = Supreme Commander 2
"Steam App 40400" = AI War: Fleet Command
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 46330" = Space Rangers 2: Reboot
"Steam App 47890" = The Sims(TM) 3
"Steam App 48240" = Anno 2070
"Steam App 49600" = Beat Hazard
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 58540" = Divinity II - The Dragon Knight Saga
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 70900" = Star Ruler
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8500" = EVE Online: Incursion
"Steam App 91100" = SkyDrift
"Steam App 9200" = RAGE
"Steam App 9350" = Supreme Commander
"Steam App 9420" = Supreme Commander: Forged Alliance
"Steam App 97000" = Solar 2
"Steam App 9930" = Test Drive Unlimited 2
"Steam App 99890" = Darkspore
"Steam App 99900" = Spiral Knights
"TeamViewer 6" = TeamViewer 6
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.1
"X-Universe Plugin Manager" = X-Universe Plugin Manager V1.30 by Cycrow
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
[/code] OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/21/2011 8:03:51 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eric\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 7.98 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.52% Memory free 15.96 Gb Paging File | 13.07 Gb Available in Paging File | 81.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 921.26 Gb Total Space | 442.73 Gb Free Space | 48.06% Space Free | Partition Type: NTFS Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ERIC-HARDCOREPC | User Name: Eric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/21 08:01:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe PRC - [2011/11/22 17:23:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/11/09 19:18:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/08/04 13:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011/03/23 10:42:52 | 001,516,888 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G930\G930.exe PRC - [2010/08/27 06:40:00 | 001,178,184 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2010/08/26 11:25:36 | 000,996,936 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2010/08/26 11:25:16 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2010/08/25 22:51:44 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2010/03/31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe ========== Modules (No Company Name) ========== MOD - [2011/12/01 18:47:23 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011/11/09 19:18:48 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011/12/08 12:03:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/11/22 17:23:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011/06/06 17:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010/08/27 06:40:00 | 001,178,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2010/08/25 23:29:36 | 001,865,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2010/08/25 22:51:44 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2010/03/31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [1937/11/25 12:15:26 | 001,718,608 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011/06/11 18:46:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/06/09 06:42:54 | 000,057,288 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2011/06/08 21:08:22 | 000,049,096 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2011/06/08 21:08:21 | 000,085,960 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2011/06/08 21:08:21 | 000,040,392 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2011/06/08 13:59:27 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2011/03/18 16:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly) DRV:64bit: - [2011/03/18 13:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/12/09 02:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010/12/09 02:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010/11/22 08:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/09/23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/04/22 08:22:52 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010/04/22 08:22:52 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010/04/22 08:22:48 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB) DRV:64bit: - [2010/04/22 08:22:48 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB) DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008/09/12 09:31:16 | 000,131,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0836.sys -- (SaiK0836) DRV:64bit: - [2008/01/21 08:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728) DRV - [2011/12/20 15:59:10 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B8 CF B2 DC 25 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://eve-radio.com/" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 19:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/23 19:07:16 | 000,000,000 | ---D | M] [2011/06/08 14:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions [2011/11/09 19:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/10/23 19:07:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/11/09 19:18:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/10/01 16:53:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/10/01 16:53:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/01 16:53:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/10/01 16:53:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/10/01 16:53:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/10/01 16:53:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech(c)) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SAB7B.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [ImpulseFastStart] C:\Program Files (x86)\Stardock\Impulse\Impulse.exe (Stardock Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B274ECC4-ECD1-49E8-A252-FDA9CE09D105}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/09/25 12:55:58 | 000,483,987 | R--- | M] () - E:\autorun.aru -- [ CDFS ] O32 - AutoRun File - [2009/09/25 09:55:12 | 002,785,792 | R--- | M] (Kalypso Media GmbH ) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006/10/17 15:42:58 | 000,009,662 | R--- | M] () - E:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2009/09/25 13:46:41 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{07be4184-fdaf-11e0-8159-f46d0403e363}\Shell - "" = AutoRun O33 - MountPoints2\{07be4184-fdaf-11e0-8159-f46d0403e363}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{458e7f11-9439-11e0-b4ae-f46d0403e363}\Shell - "" = AutoRun O33 - MountPoints2\{458e7f11-9439-11e0-b4ae-f46d0403e363}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009/09/25 09:55:12 | 002,785,792 | R--- | M] (Kalypso Media GmbH ) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/21 08:01:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2011/12/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes [2011/12/20 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/20 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/20 23:52:43 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/12/20 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/14 23:59:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\eve calc [2011/12/08 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Sunken Island Adventure [2011/11/29 19:10:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Divinity 2 [2011/11/29 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2 [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/21 08:01:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2011/12/21 08:01:19 | 000,000,168 | ---- | M] () -- C:\Users\Eric\defogger_reenable [2011/12/21 04:11:10 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/21 04:11:10 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/20 23:52:47 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/20 19:59:15 | 000,001,434 | ---- | M] () -- C:\Users\Eric\Desktop\.minecraft - Verknüpfung.lnk [2011/12/20 15:59:10 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys [2011/12/19 13:13:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/19 13:13:01 | 2132,860,927 | -HS- | M] () -- C:\hiberfil.sys [2011/12/18 15:55:40 | 000,140,120 | ---- | M] () -- C:\Users\Eric\Desktop\CheatCollectionPackageAP-V1.61-17.12.2011.spk [2011/12/16 03:20:19 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/13 17:02:43 | 002,429,675 | ---- | M] () -- C:\Users\Eric\Desktop\tmp.jar [2011/12/13 16:59:32 | 000,333,065 | ---- | M] () -- C:\Users\Eric\Desktop\minecraftforge-client-1.2.1.zip [2011/12/13 16:58:56 | 000,024,636 | ---- | M] () -- C:\Users\Eric\Desktop\ModLoaderMp 1.0.0.zip [2011/12/13 16:56:33 | 000,000,910 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-2.2.8.pack [2011/12/13 16:56:16 | 000,010,491 | ---- | M] () -- C:\Users\Eric\Desktop\mod_pack_installer.jar [2011/12/13 16:45:19 | 000,082,514 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-energy-2.2.8.zip [2011/12/13 16:45:00 | 000,077,444 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-builders-2.2.8.zip [2011/12/13 16:44:45 | 000,088,280 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-factory-2.2.8.zip [2011/12/13 16:44:29 | 000,124,362 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-transport-2.2.8.zip [2011/12/13 16:43:53 | 000,131,890 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-A-core-2.2.8.zip [2011/12/12 21:17:56 | 000,496,388 | ---- | M] () -- C:\Users\Eric\Desktop\forestry-client-A-1.2.2.2.jar [2011/12/11 17:13:15 | 004,393,710 | ---- | M] () -- C:\Users\Eric\Desktop\Minecraft-Industrial_Craft_1.8.1(1).tar.gz [2011/12/10 23:48:10 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011/12/10 23:48:10 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/12/09 19:30:22 | 000,088,347 | ---- | M] () -- C:\Users\Eric\Desktop\ModLoader.zip [2011/12/08 22:48:04 | 001,662,595 | ---- | M] () -- C:\Users\Eric\Desktop\minlol.png [2011/12/08 19:52:36 | 003,113,853 | ---- | M] () -- C:\Users\Eric\Desktop\Sunken Island Adventure.zip [2011/12/08 19:26:27 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011/12/08 12:12:33 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011/12/08 12:12:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011/12/07 22:27:42 | 072,367,104 | ---- | M] () -- C:\Users\Eric\Desktop\pvpoverview.avi [2011/12/05 17:21:34 | 005,919,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/05 17:21:34 | 000,735,258 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011/12/05 17:21:34 | 000,735,102 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2011/12/05 17:21:34 | 000,729,794 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2011/12/05 17:21:34 | 000,718,794 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2011/12/05 17:21:34 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/05 17:21:34 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/05 17:21:34 | 000,646,556 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2011/12/05 17:21:34 | 000,157,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2011/12/05 17:21:34 | 000,151,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2011/12/05 17:21:34 | 000,148,180 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011/12/05 17:21:34 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/05 17:21:34 | 000,145,676 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2011/12/05 17:21:34 | 000,138,766 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2011/12/05 17:21:34 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/04 09:29:54 | 010,385,021 | ---- | M] () -- C:\Users\Eric\Desktop\Pendulum - Propane Nightmares (Official Video + Lyrics).mp3 [2011/11/22 17:23:58 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2011/11/22 17:23:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/21 08:01:19 | 000,000,168 | ---- | C] () -- C:\Users\Eric\defogger_reenable [2011/12/20 23:52:47 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/20 19:59:15 | 000,001,434 | ---- | C] () -- C:\Users\Eric\Desktop\.minecraft - Verknüpfung.lnk [2011/12/18 15:55:39 | 000,140,120 | ---- | C] () -- C:\Users\Eric\Desktop\CheatCollectionPackageAP-V1.61-17.12.2011.spk [2011/12/13 17:30:13 | 000,496,388 | ---- | C] () -- C:\Users\Eric\Desktop\forestry-client-A-1.2.2.2.jar [2011/12/13 16:59:31 | 000,333,065 | ---- | C] () -- C:\Users\Eric\Desktop\minecraftforge-client-1.2.1.zip [2011/12/13 16:58:55 | 000,024,636 | ---- | C] () -- C:\Users\Eric\Desktop\ModLoaderMp 1.0.0.zip [2011/12/13 16:56:32 | 000,000,910 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-2.2.8.pack [2011/12/13 16:56:16 | 000,010,491 | ---- | C] () -- C:\Users\Eric\Desktop\mod_pack_installer.jar [2011/12/13 16:45:18 | 000,082,514 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-energy-2.2.8.zip [2011/12/13 16:44:59 | 000,077,444 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-builders-2.2.8.zip [2011/12/13 16:44:45 | 000,088,280 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-factory-2.2.8.zip [2011/12/13 16:44:28 | 000,124,362 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-transport-2.2.8.zip [2011/12/13 16:43:52 | 000,131,890 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-A-core-2.2.8.zip [2011/12/11 17:13:12 | 004,393,710 | ---- | C] () -- C:\Users\Eric\Desktop\Minecraft-Industrial_Craft_1.8.1(1).tar.gz [2011/12/09 19:30:22 | 000,088,347 | ---- | C] () -- C:\Users\Eric\Desktop\ModLoader.zip [2011/12/08 22:48:04 | 001,662,595 | ---- | C] () -- C:\Users\Eric\Desktop\minlol.png [2011/12/08 19:52:29 | 003,113,853 | ---- | C] () -- C:\Users\Eric\Desktop\Sunken Island Adventure.zip [2011/12/07 22:27:04 | 072,367,104 | ---- | C] () -- C:\Users\Eric\Desktop\pvpoverview.avi [2011/12/04 09:29:50 | 010,385,021 | ---- | C] () -- C:\Users\Eric\Desktop\Pendulum - Propane Nightmares (Official Video + Lyrics).mp3 [2011/10/23 20:42:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/10/23 12:20:51 | 000,161,058 | ---- | C] () -- C:\Windows\Star Assault Uninstaller.exe [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/09/11 00:41:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011/08/31 19:37:14 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/08/31 19:37:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/06/13 18:02:20 | 005,807,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/03/30 21:45:42 | 000,036,347 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/03/30 21:45:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/03/30 21:45:10 | 000,024,769 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011/03/30 18:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\SysWow64\spk.dll [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011/12/21 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft [2011/11/07 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft - Kopie [2011/11/18 22:53:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Beat Hazard [2011/06/11 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite [2011/08/20 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DarksporeData [2011/07/19 23:19:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FUEL [2011/10/30 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo [2011/06/09 21:25:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech [2011/10/09 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lionhead Studios [2011/07/25 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient [2011/08/17 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MinMaxGames [2011/08/22 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MoreTerra [2011/12/08 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Mumble [2011/08/22 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SPORE [2011/10/17 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Stardock [2011/07/08 18:53:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\System [2011/07/20 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TeamViewer [2011/11/20 23:02:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TS3Client [2011/11/20 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ubisoft [2011/07/09 19:43:47 | 000,000,000 | -HSD | M] -- C:\Users\Eric\AppData\Roaming\wyUpdate AU [2011/09/01 18:12:11 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/06/08 13:15:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/06/21 18:39:52 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32 [2011/03/30 22:34:54 | 000,000,000 | -HSD | M] -- C:\Boot [2011/09/17 23:10:32 | 000,000,000 | ---D | M] -- C:\cache [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/08/02 22:23:19 | 000,000,000 | ---D | M] -- C:\Fraps [2011/09/17 23:10:56 | 000,000,000 | ---D | M] -- C:\Images [2011/03/30 21:45:47 | 000,000,000 | ---D | M] -- C:\Intel [2011/09/13 19:29:33 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/03/30 21:58:53 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011/07/11 21:50:40 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/11/01 11:34:38 | 000,000,000 | R--D | M] -- C:\Program Files [2011/12/20 23:52:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/12/20 23:52:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/06/08 13:13:55 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/07/25 14:24:51 | 000,000,000 | ---D | M] -- C:\Riot Games [2011/12/21 08:06:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/11/03 23:01:26 | 000,000,000 | R--D | M] -- C:\Users [2011/12/19 13:12:59 | 000,000,000 | ---D | M] -- C:\Windows [2011/09/17 23:11:09 | 000,000,000 | ---D | M] -- C:\Zoom5 < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2010/11/21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys < MD5 for: EXPLORER.EXE > [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > [/code] Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8406
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
21.12.2011 07:59:44
mbam-log-2011-12-21 (07-59-38).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 700224
Laufzeit: 2 Stunde(n), 44 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Geändert von Eric42 (21.12.2011 um 20:10 Uhr) |
|
21.12.2011, 21:40
| #2 |
| /// Selecta Jahrusso   | Trojan.FakeAlert Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Bitte poste in deiner nächsten Antwort TDSSKiller Log aswMBR.txt
__________________ |
|
21.12.2011, 22:05
| #3 |
| | Trojan.FakeAlertCode:
ATTFilter 21:58:50.0949 3860 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:58:51.0047 3860 ============================================================
21:58:51.0047 3860 Current date / time: 2011/12/21 21:58:51.0047
21:58:51.0047 3860 SystemInfo:
21:58:51.0047 3860
21:58:51.0047 3860 OS Version: 6.1.7601 ServicePack: 1.0
21:58:51.0047 3860 Product type: Workstation
21:58:51.0047 3860 ComputerName: ERIC-HARDCOREPC
21:58:51.0047 3860 UserName: Eric
21:58:51.0047 3860 Windows directory: C:\Windows
21:58:51.0047 3860 System windows directory: C:\Windows
21:58:51.0047 3860 Running under WOW64
21:58:51.0047 3860 Processor architecture: Intel x64
21:58:51.0047 3860 Number of processors: 8
21:58:51.0047 3860 Page size: 0x1000
21:58:51.0047 3860 Boot type: Normal boot
21:58:51.0047 3860 ============================================================
21:58:51.0791 3860 Initialize success
21:58:53.0389 4776 ============================================================
21:58:53.0389 4776 Scan started
21:58:53.0389 4776 Mode: Manual;
21:58:53.0389 4776 ============================================================
21:58:54.0392 4776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:58:54.0396 4776 1394ohci - ok
21:58:54.0439 4776 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:58:54.0443 4776 ACPI - ok
21:58:54.0453 4776 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:58:54.0454 4776 AcpiPmi - ok
21:58:54.0490 4776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:58:54.0494 4776 adp94xx - ok
21:58:54.0525 4776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:58:54.0529 4776 adpahci - ok
21:58:54.0550 4776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:58:54.0552 4776 adpu320 - ok
21:58:54.0608 4776 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:58:54.0614 4776 AFD - ok
21:58:54.0648 4776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:58:54.0651 4776 agp440 - ok
21:58:54.0681 4776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:58:54.0682 4776 aliide - ok
21:58:54.0693 4776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:58:54.0695 4776 amdide - ok
21:58:54.0705 4776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:58:54.0707 4776 AmdK8 - ok
21:58:54.0719 4776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:58:54.0720 4776 AmdPPM - ok
21:58:54.0752 4776 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:58:54.0754 4776 amdsata - ok
21:58:54.0776 4776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:58:54.0779 4776 amdsbs - ok
21:58:54.0789 4776 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:58:54.0790 4776 amdxata - ok
21:58:54.0813 4776 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:58:54.0815 4776 AppID - ok
21:58:54.0831 4776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:58:54.0833 4776 arc - ok
21:58:54.0850 4776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:58:54.0852 4776 arcsas - ok
21:58:54.0879 4776 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\drivers\asmthub3.sys
21:58:54.0882 4776 asmthub3 - ok
21:58:54.0912 4776 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\drivers\asmtxhci.sys
21:58:54.0916 4776 asmtxhci - ok
21:58:54.0944 4776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:54.0945 4776 AsyncMac - ok
21:58:54.0952 4776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:58:54.0953 4776 atapi - ok
21:58:54.0999 4776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:58:55.0003 4776 b06bdrv - ok
21:58:55.0022 4776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:55.0025 4776 b57nd60a - ok
21:58:55.0046 4776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:58:55.0047 4776 Beep - ok
21:58:55.0073 4776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:58:55.0075 4776 blbdrive - ok
21:58:55.0100 4776 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:58:55.0101 4776 bowser - ok
21:58:55.0123 4776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:58:55.0125 4776 BrFiltLo - ok
21:58:55.0149 4776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:58:55.0151 4776 BrFiltUp - ok
21:58:55.0174 4776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:58:55.0179 4776 Brserid - ok
21:58:55.0202 4776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:55.0204 4776 BrSerWdm - ok
21:58:55.0222 4776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:55.0224 4776 BrUsbMdm - ok
21:58:55.0235 4776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:55.0237 4776 BrUsbSer - ok
21:58:55.0255 4776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:58:55.0257 4776 BTHMODEM - ok
21:58:55.0279 4776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:58:55.0281 4776 cdfs - ok
21:58:55.0294 4776 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:58:55.0298 4776 cdrom - ok
21:58:55.0317 4776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:58:55.0320 4776 circlass - ok
21:58:55.0346 4776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:58:55.0350 4776 CLFS - ok
21:58:55.0368 4776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:58:55.0370 4776 CmBatt - ok
21:58:55.0382 4776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:58:55.0385 4776 cmdide - ok
21:58:55.0412 4776 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:58:55.0417 4776 CNG - ok
21:58:55.0465 4776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:58:55.0468 4776 Compbatt - ok
21:58:55.0475 4776 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:58:55.0477 4776 CompositeBus - ok
21:58:55.0492 4776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:58:55.0493 4776 crcdisk - ok
21:58:55.0526 4776 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:58:55.0531 4776 CSC - ok
21:58:55.0563 4776 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:58:55.0565 4776 DfsC - ok
21:58:55.0584 4776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:58:55.0585 4776 discache - ok
21:58:55.0596 4776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:58:55.0597 4776 Disk - ok
21:58:55.0626 4776 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:58:55.0629 4776 dmvsc - ok
21:58:55.0667 4776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:58:55.0669 4776 drmkaud - ok
21:58:55.0699 4776 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:58:55.0703 4776 dtsoftbus01 - ok
21:58:55.0878 4776 dump_wmimmc - ok
21:58:55.0908 4776 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:58:55.0920 4776 DXGKrnl - ok
21:58:55.0985 4776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:58:56.0038 4776 ebdrv - ok
21:58:56.0087 4776 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:58:56.0089 4776 ElbyCDIO - ok
21:58:56.0115 4776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:58:56.0122 4776 elxstor - ok
21:58:56.0134 4776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:58:56.0136 4776 ErrDev - ok
21:58:56.0163 4776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:58:56.0166 4776 exfat - ok
21:58:56.0184 4776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:58:56.0187 4776 fastfat - ok
21:58:56.0207 4776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:58:56.0209 4776 fdc - ok
21:58:56.0230 4776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:58:56.0232 4776 FileInfo - ok
21:58:56.0246 4776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:58:56.0248 4776 Filetrace - ok
21:58:56.0267 4776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:58:56.0268 4776 flpydisk - ok
21:58:56.0277 4776 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:58:56.0280 4776 FltMgr - ok
21:58:56.0298 4776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:58:56.0300 4776 FsDepends - ok
21:58:56.0323 4776 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:58:56.0326 4776 fssfltr - ok
Code:
ATTFilter aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 21:59:58
-----------------------------
21:59:58.508 OS Version: Windows x64 6.1.7601 Service Pack 1
21:59:58.508 Number of processors: 8 586 0x2A07
21:59:58.509 ComputerName: ERIC-HARDCOREPC UserName: Eric
21:59:59.900 Initialize success
22:00:07.924 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:00:07.927 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
22:00:09.943 Disk 0 MBR read successfully
22:00:09.946 Disk 0 MBR scan
22:00:09.947 Disk 0 Windows 7 default MBR code
22:00:09.949 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 943367 MB offset 2048
22:00:09.969 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 10499 MB offset 1932019712
22:00:09.972 Service scanning
22:00:11.391 Modules scanning
22:00:11.395 Disk 0 trace - called modules:
22:00:11.400
22:00:11.404 Scan finished successfully
22:00:23.627 Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
22:00:23.629 The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"
|
|
21.12.2011, 22:13
| #4 |
| /// Selecta Jahrusso | Trojan.FakeAlert Die Logfile von TDSSKiller ist nicht vollständig
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
21.12.2011, 22:23
| #5 |
| | Trojan.FakeAlert Da hatte es wohl nicht alles mitgenommen... mhh... hatte grad eben den ersten Bluescreen, als ich posten wollte... Code:
ATTFilter 21:58:50.0949 3860 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:58:51.0047 3860 ============================================================
21:58:51.0047 3860 Current date / time: 2011/12/21 21:58:51.0047
21:58:51.0047 3860 SystemInfo:
21:58:51.0047 3860
21:58:51.0047 3860 OS Version: 6.1.7601 ServicePack: 1.0
21:58:51.0047 3860 Product type: Workstation
21:58:51.0047 3860 ComputerName: ERIC-HARDCOREPC
21:58:51.0047 3860 UserName: Eric
21:58:51.0047 3860 Windows directory: C:\Windows
21:58:51.0047 3860 System windows directory: C:\Windows
21:58:51.0047 3860 Running under WOW64
21:58:51.0047 3860 Processor architecture: Intel x64
21:58:51.0047 3860 Number of processors: 8
21:58:51.0047 3860 Page size: 0x1000
21:58:51.0047 3860 Boot type: Normal boot
21:58:51.0047 3860 ============================================================
21:58:51.0791 3860 Initialize success
21:58:53.0389 4776 ============================================================
21:58:53.0389 4776 Scan started
21:58:53.0389 4776 Mode: Manual;
21:58:53.0389 4776 ============================================================
21:58:54.0392 4776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:58:54.0396 4776 1394ohci - ok
21:58:54.0439 4776 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:58:54.0443 4776 ACPI - ok
21:58:54.0453 4776 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:58:54.0454 4776 AcpiPmi - ok
21:58:54.0490 4776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:58:54.0494 4776 adp94xx - ok
21:58:54.0525 4776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:58:54.0529 4776 adpahci - ok
21:58:54.0550 4776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:58:54.0552 4776 adpu320 - ok
21:58:54.0608 4776 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:58:54.0614 4776 AFD - ok
21:58:54.0648 4776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:58:54.0651 4776 agp440 - ok
21:58:54.0681 4776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:58:54.0682 4776 aliide - ok
21:58:54.0693 4776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:58:54.0695 4776 amdide - ok
21:58:54.0705 4776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:58:54.0707 4776 AmdK8 - ok
21:58:54.0719 4776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:58:54.0720 4776 AmdPPM - ok
21:58:54.0752 4776 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:58:54.0754 4776 amdsata - ok
21:58:54.0776 4776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:58:54.0779 4776 amdsbs - ok
21:58:54.0789 4776 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:58:54.0790 4776 amdxata - ok
21:58:54.0813 4776 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:58:54.0815 4776 AppID - ok
21:58:54.0831 4776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:58:54.0833 4776 arc - ok
21:58:54.0850 4776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:58:54.0852 4776 arcsas - ok
21:58:54.0879 4776 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\drivers\asmthub3.sys
21:58:54.0882 4776 asmthub3 - ok
21:58:54.0912 4776 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\drivers\asmtxhci.sys
21:58:54.0916 4776 asmtxhci - ok
21:58:54.0944 4776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:54.0945 4776 AsyncMac - ok
21:58:54.0952 4776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:58:54.0953 4776 atapi - ok
21:58:54.0999 4776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:58:55.0003 4776 b06bdrv - ok
21:58:55.0022 4776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:55.0025 4776 b57nd60a - ok
21:58:55.0046 4776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:58:55.0047 4776 Beep - ok
21:58:55.0073 4776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:58:55.0075 4776 blbdrive - ok
21:58:55.0100 4776 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:58:55.0101 4776 bowser - ok
21:58:55.0123 4776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:58:55.0125 4776 BrFiltLo - ok
21:58:55.0149 4776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:58:55.0151 4776 BrFiltUp - ok
21:58:55.0174 4776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:58:55.0179 4776 Brserid - ok
21:58:55.0202 4776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:55.0204 4776 BrSerWdm - ok
21:58:55.0222 4776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:55.0224 4776 BrUsbMdm - ok
21:58:55.0235 4776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:55.0237 4776 BrUsbSer - ok
21:58:55.0255 4776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:58:55.0257 4776 BTHMODEM - ok
21:58:55.0279 4776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:58:55.0281 4776 cdfs - ok
21:58:55.0294 4776 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:58:55.0298 4776 cdrom - ok
21:58:55.0317 4776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:58:55.0320 4776 circlass - ok
21:58:55.0346 4776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:58:55.0350 4776 CLFS - ok
21:58:55.0368 4776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:58:55.0370 4776 CmBatt - ok
21:58:55.0382 4776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:58:55.0385 4776 cmdide - ok
21:58:55.0412 4776 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:58:55.0417 4776 CNG - ok
21:58:55.0465 4776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:58:55.0468 4776 Compbatt - ok
21:58:55.0475 4776 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:58:55.0477 4776 CompositeBus - ok
21:58:55.0492 4776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:58:55.0493 4776 crcdisk - ok
21:58:55.0526 4776 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:58:55.0531 4776 CSC - ok
21:58:55.0563 4776 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:58:55.0565 4776 DfsC - ok
21:58:55.0584 4776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:58:55.0585 4776 discache - ok
21:58:55.0596 4776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:58:55.0597 4776 Disk - ok
21:58:55.0626 4776 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:58:55.0629 4776 dmvsc - ok
21:58:55.0667 4776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:58:55.0669 4776 drmkaud - ok
21:58:55.0699 4776 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:58:55.0703 4776 dtsoftbus01 - ok
21:58:55.0878 4776 dump_wmimmc - ok
21:58:55.0908 4776 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:58:55.0920 4776 DXGKrnl - ok
21:58:55.0985 4776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:58:56.0038 4776 ebdrv - ok
21:58:56.0087 4776 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:58:56.0089 4776 ElbyCDIO - ok
21:58:56.0115 4776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:58:56.0122 4776 elxstor - ok
21:58:56.0134 4776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:58:56.0136 4776 ErrDev - ok
21:58:56.0163 4776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:58:56.0166 4776 exfat - ok
21:58:56.0184 4776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:58:56.0187 4776 fastfat - ok
21:58:56.0207 4776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:58:56.0209 4776 fdc - ok
21:58:56.0230 4776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:58:56.0232 4776 FileInfo - ok
21:58:56.0246 4776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:58:56.0248 4776 Filetrace - ok
21:58:56.0267 4776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:58:56.0268 4776 flpydisk - ok
21:58:56.0277 4776 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:58:56.0280 4776 FltMgr - ok
21:58:56.0298 4776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:58:56.0300 4776 FsDepends - ok
21:58:56.0323 4776 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:58:56.0326 4776 fssfltr - ok
21:58:56.0354 4776 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:58:56.0356 4776 Fs_Rec - ok
21:58:56.0376 4776 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:58:56.0380 4776 fvevol - ok
21:58:56.0408 4776 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:58:56.0410 4776 gagp30kx - ok
21:58:56.0438 4776 GDBehave (6331adbeb3e0ad674ccbeff326a12a76) C:\Windows\system32\drivers\GDBehave.sys
21:58:56.0441 4776 GDBehave - ok
21:58:56.0474 4776 GDMnIcpt (619aae1a5663f5d84ae3de68f69527f7) C:\Windows\system32\drivers\MiniIcpt.sys
21:58:56.0476 4776 GDMnIcpt - ok
21:58:56.0495 4776 GDPkIcpt (4d40f25260ecd6dd3847ac2d77078eeb) C:\Windows\system32\drivers\PktIcpt.sys
21:58:56.0497 4776 GDPkIcpt - ok
21:58:56.0538 4776 gdwfpcd (3d97afde6e8d1954237bfb35ca29ab32) C:\Windows\system32\drivers\gdwfpcd64.sys
21:58:56.0540 4776 gdwfpcd - ok
21:58:56.0549 4776 GRD - ok
21:58:56.0575 4776 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:58:56.0577 4776 hamachi - ok
21:58:56.0623 4776 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:58:56.0625 4776 hcw85cir - ok
21:58:56.0659 4776 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:58:56.0663 4776 HdAudAddService - ok
21:58:56.0670 4776 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:58:56.0673 4776 HDAudBus - ok
21:58:56.0696 4776 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:58:56.0697 4776 HidBatt - ok
21:58:56.0711 4776 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:58:56.0713 4776 HidBth - ok
21:58:56.0740 4776 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:58:56.0743 4776 HidIr - ok
21:58:56.0758 4776 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:58:56.0760 4776 HidUsb - ok
21:58:56.0779 4776 HookCentre (68d09a088463a046c5a549c1e510b1d7) C:\Windows\system32\drivers\HookCentre.sys
21:58:56.0781 4776 HookCentre - ok
21:58:56.0797 4776 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:58:56.0799 4776 HpSAMD - ok
21:58:56.0820 4776 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:58:56.0826 4776 HTTP - ok
21:58:56.0838 4776 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:58:56.0839 4776 hwpolicy - ok
21:58:56.0865 4776 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:58:56.0867 4776 i8042prt - ok
21:58:56.0897 4776 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:58:56.0901 4776 iaStorV - ok
21:58:56.0946 4776 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:58:56.0948 4776 iirsp - ok
21:58:57.0000 4776 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
21:58:57.0034 4776 IntcAzAudAddService - ok
21:58:57.0050 4776 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:58:57.0052 4776 intelide - ok
21:58:57.0071 4776 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:58:57.0073 4776 intelppm - ok
21:58:57.0122 4776 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:57.0151 4776 IpFilterDriver - ok
21:58:57.0333 4776 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:58:57.0336 4776 IPMIDRV - ok
21:58:57.0358 4776 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:58:57.0361 4776 IPNAT - ok
21:58:57.0382 4776 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:58:57.0385 4776 IRENUM - ok
21:58:57.0399 4776 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:58:57.0401 4776 isapnp - ok
21:58:57.0428 4776 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:58:57.0433 4776 iScsiPrt - ok
21:58:57.0441 4776 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:57.0443 4776 kbdclass - ok
21:58:57.0470 4776 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:58:57.0473 4776 kbdhid - ok
21:58:57.0487 4776 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:58:57.0488 4776 KSecDD - ok
21:58:57.0500 4776 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:58:57.0502 4776 KSecPkg - ok
21:58:57.0518 4776 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:58:57.0519 4776 ksthunk - ok
21:58:57.0554 4776 LADF_BakerCOnly (86f06574763a0e7cdcd57dd85632e44f) C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys
21:58:57.0558 4776 LADF_BakerCOnly - ok
21:58:57.0576 4776 LADF_BakerROnly (89b4981f949a14148365de8d98a310b5) C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys
21:58:57.0579 4776 LADF_BakerROnly - ok
21:58:57.0591 4776 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:58:57.0592 4776 lltdio - ok
21:58:57.0616 4776 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:58:57.0618 4776 LSI_FC - ok
21:58:57.0636 4776 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:58:57.0639 4776 LSI_SAS - ok
21:58:57.0656 4776 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:58:57.0659 4776 LSI_SAS2 - ok
21:58:57.0673 4776 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:58:57.0677 4776 LSI_SCSI - ok
21:58:57.0696 4776 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:58:57.0698 4776 luafv - ok
21:58:57.0733 4776 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:58:57.0735 4776 MBAMProtector - ok
21:58:57.0768 4776 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:58:57.0771 4776 megasas - ok
21:58:57.0800 4776 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:58:57.0804 4776 MegaSR - ok
21:58:57.0842 4776 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
21:58:57.0844 4776 MEIx64 - ok
21:58:57.0860 4776 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:58:57.0862 4776 Modem - ok
21:58:57.0869 4776 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:58:57.0871 4776 monitor - ok
21:58:57.0879 4776 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:58:57.0882 4776 mouclass - ok
21:58:57.0889 4776 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:58:57.0891 4776 mouhid - ok
21:58:57.0914 4776 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:58:57.0916 4776 mountmgr - ok
21:58:57.0938 4776 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:58:57.0942 4776 mpio - ok
21:58:57.0957 4776 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:58:57.0960 4776 mpsdrv - ok
21:58:57.0982 4776 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:58:57.0984 4776 MRxDAV - ok
21:58:58.0015 4776 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:58.0017 4776 mrxsmb - ok
21:58:58.0046 4776 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:58.0049 4776 mrxsmb10 - ok
21:58:58.0064 4776 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:58.0066 4776 mrxsmb20 - ok
21:58:58.0076 4776 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:58:58.0077 4776 msahci - ok
21:58:58.0100 4776 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:58:58.0102 4776 msdsm - ok
21:58:58.0121 4776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:58:58.0122 4776 Msfs - ok
21:58:58.0135 4776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:58:58.0136 4776 mshidkmdf - ok
21:58:58.0145 4776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:58:58.0146 4776 msisadrv - ok
21:58:58.0167 4776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:58:58.0169 4776 MSKSSRV - ok
21:58:58.0186 4776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:58.0187 4776 MSPCLOCK - ok
21:58:58.0195 4776 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:58:58.0196 4776 MSPQM - ok
21:58:58.0215 4776 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:58:58.0219 4776 MsRPC - ok
21:58:58.0230 4776 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:58:58.0232 4776 mssmbios - ok
21:58:58.0248 4776 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:58:58.0250 4776 MSTEE - ok
21:58:58.0260 4776 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:58:58.0262 4776 MTConfig - ok
21:58:58.0278 4776 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:58:58.0280 4776 Mup - ok
21:58:58.0286 4776 mv91cons (e53d9ab63917338d7ffe12e85310a636) C:\Windows\system32\drivers\mv91cons.sys
21:58:58.0287 4776 mv91cons - ok
21:58:58.0306 4776 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\drivers\mv91xx.sys
21:58:58.0309 4776 mv91xx - ok
21:58:58.0342 4776 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:58:58.0345 4776 NativeWifiP - ok
21:58:58.0387 4776 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:58:58.0407 4776 NDIS - ok
21:58:58.0422 4776 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:58:58.0425 4776 NdisCap - ok
21:58:58.0440 4776 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:58.0442 4776 NdisTapi - ok
21:58:58.0462 4776 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:58.0465 4776 Ndisuio - ok
21:58:58.0482 4776 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:58.0484 4776 NdisWan - ok
21:58:58.0500 4776 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:58:58.0501 4776 NDProxy - ok
21:58:58.0514 4776 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:58:58.0515 4776 NetBIOS - ok
21:58:58.0529 4776 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:58:58.0532 4776 NetBT - ok
21:58:58.0573 4776 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:58:58.0575 4776 nfrd960 - ok
21:58:58.0590 4776 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:58:58.0591 4776 Npfs - ok
21:58:58.0631 4776 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:58:58.0633 4776 nsiproxy - ok
21:58:58.0685 4776 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:58:58.0705 4776 Ntfs - ok
21:58:58.0715 4776 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:58:58.0716 4776 Null - ok
21:58:58.0755 4776 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
21:58:58.0758 4776 NVHDA - ok
21:58:58.0947 4776 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:58:59.0107 4776 nvlddmkm - ok
21:58:59.0132 4776 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:58:59.0134 4776 nvraid - ok
21:58:59.0152 4776 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:58:59.0155 4776 nvstor - ok
21:58:59.0199 4776 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:58:59.0202 4776 nv_agp - ok
21:58:59.0214 4776 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:58:59.0216 4776 ohci1394 - ok
21:58:59.0252 4776 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:58:59.0254 4776 Parport - ok
21:58:59.0270 4776 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:58:59.0271 4776 partmgr - ok
21:58:59.0289 4776 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:58:59.0291 4776 pci - ok
21:58:59.0301 4776 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:58:59.0302 4776 pciide - ok
21:58:59.0326 4776 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:58:59.0328 4776 pcmcia - ok
21:58:59.0346 4776 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:58:59.0348 4776 pcw - ok
21:58:59.0373 4776 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:58:59.0381 4776 PEAUTH - ok
21:58:59.0437 4776 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:58:59.0441 4776 PptpMiniport - ok
21:58:59.0456 4776 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:58:59.0459 4776 Processor - ok
21:58:59.0488 4776 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:58:59.0490 4776 Psched - ok
21:58:59.0528 4776 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:58:59.0544 4776 ql2300 - ok
21:58:59.0558 4776 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:58:59.0560 4776 ql40xx - ok
21:58:59.0574 4776 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:58:59.0576 4776 QWAVEdrv - ok
21:58:59.0593 4776 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:58:59.0594 4776 RasAcd - ok
21:58:59.0626 4776 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:58:59.0629 4776 RasAgileVpn - ok
21:58:59.0648 4776 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:58:59.0651 4776 Rasl2tp - ok
21:58:59.0677 4776 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:58:59.0679 4776 RasPppoe - ok
21:58:59.0698 4776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:58:59.0700 4776 RasSstp - ok
21:58:59.0718 4776 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:58:59.0721 4776 rdbss - ok
21:58:59.0734 4776 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:58:59.0736 4776 rdpbus - ok
21:58:59.0747 4776 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:58:59.0749 4776 RDPCDD - ok
21:58:59.0778 4776 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:58:59.0781 4776 RDPDR - ok
21:58:59.0787 4776 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:58:59.0788 4776 RDPENCDD - ok
21:58:59.0805 4776 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:58:59.0807 4776 RDPREFMP - ok
21:58:59.0827 4776 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:58:59.0829 4776 RdpVideoMiniport - ok
21:58:59.0852 4776 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:58:59.0855 4776 RDPWD - ok
21:58:59.0879 4776 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:58:59.0881 4776 rdyboost - ok
21:58:59.0900 4776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:58:59.0902 4776 rspndr - ok
21:58:59.0930 4776 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:58:59.0934 4776 RTL8167 - ok
21:58:59.0957 4776 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:58:59.0958 4776 s3cap - ok
21:58:59.0993 4776 SaiK0728 (476baa3eebe9db94bf6bdfaf46747e5d) C:\Windows\system32\DRIVERS\SaiK0728.sys
21:58:59.0995 4776 SaiK0728 - ok
21:59:00.0014 4776 SaiK0836 (24099c3d4ec943f875bf29f75987a3a6) C:\Windows\system32\DRIVERS\SaiK0836.sys
21:59:00.0017 4776 SaiK0836 - ok
21:59:00.0045 4776 SaiK0CCB (f6d3e9793f22c92cef9b96bf47da01f1) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
21:59:00.0049 4776 SaiK0CCB - ok
21:59:00.0067 4776 SaiMini (64bc6cc8fd3408df37ea488d88d54a4a) C:\Windows\system32\DRIVERS\SaiMini.sys
21:59:00.0069 4776 SaiMini - ok
21:59:00.0076 4776 SaiNtBus (6a78c024625926cc4b67b3e6ad14910a) C:\Windows\system32\drivers\SaiBus.sys
21:59:00.0077 4776 SaiNtBus - ok
21:59:00.0116 4776 SaiU0CCB (ff2d7435c79b273752f0912feab839c0) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
21:59:00.0118 4776 SaiU0CCB - ok
21:59:00.0145 4776 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:59:00.0147 4776 sbp2port - ok
21:59:00.0170 4776 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:59:00.0171 4776 scfilter - ok
21:59:00.0181 4776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:59:00.0183 4776 secdrv - ok
21:59:00.0197 4776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:59:00.0198 4776 Serenum - ok
21:59:00.0222 4776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:59:00.0224 4776 Serial - ok
21:59:00.0254 4776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:59:00.0256 4776 sermouse - ok
21:59:00.0271 4776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:59:00.0273 4776 sffdisk - ok
21:59:00.0280 4776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:59:00.0282 4776 sffp_mmc - ok
21:59:00.0290 4776 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:59:00.0292 4776 sffp_sd - ok
21:59:00.0307 4776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:59:00.0309 4776 sfloppy - ok
21:59:00.0327 4776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:59:00.0329 4776 SiSRaid2 - ok
21:59:00.0343 4776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:59:00.0345 4776 SiSRaid4 - ok
21:59:00.0365 4776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:59:00.0367 4776 Smb - ok
21:59:00.0386 4776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:59:00.0387 4776 spldr - ok
21:59:00.0428 4776 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:59:00.0433 4776 srv - ok
21:59:00.0449 4776 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:59:00.0454 4776 srv2 - ok
21:59:00.0469 4776 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:00.0472 4776 srvnet - ok
21:59:00.0514 4776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:59:00.0515 4776 stexstor - ok
21:59:00.0533 4776 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:59:00.0534 4776 storflt - ok
21:59:00.0552 4776 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:59:00.0553 4776 storvsc - ok
21:59:00.0567 4776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:59:00.0569 4776 swenum - ok
21:59:00.0582 4776 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys
21:59:00.0584 4776 Synth3dVsc - ok
21:59:00.0634 4776 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:59:00.0656 4776 Tcpip - ok
21:59:00.0686 4776 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:00.0693 4776 TCPIP6 - ok
21:59:00.0704 4776 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:59:00.0706 4776 tcpipreg - ok
21:59:00.0726 4776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:59:00.0727 4776 TDPIPE - ok
21:59:00.0740 4776 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:59:00.0741 4776 TDTCP - ok
21:59:00.0761 4776 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:59:00.0763 4776 tdx - ok
21:59:00.0796 4776 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:59:00.0798 4776 TermDD - ok
21:59:00.0827 4776 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
21:59:00.0829 4776 terminpt - ok
21:59:00.0847 4776 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:00.0848 4776 tssecsrv - ok
21:59:00.0863 4776 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:59:00.0865 4776 TsUsbFlt - ok
21:59:00.0886 4776 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:59:00.0887 4776 TsUsbGD - ok
21:59:00.0905 4776 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
21:59:00.0907 4776 tsusbhub - ok
21:59:00.0920 4776 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:00.0922 4776 tunnel - ok
21:59:00.0941 4776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:59:00.0942 4776 uagp35 - ok
21:59:00.0962 4776 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:59:00.0966 4776 udfs - ok
21:59:00.0990 4776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:59:00.0992 4776 uliagpkx - ok
21:59:01.0022 4776 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:59:01.0024 4776 umbus - ok
21:59:01.0042 4776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:59:01.0044 4776 UmPass - ok
21:59:01.0076 4776 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:59:01.0079 4776 usbaudio - ok
21:59:01.0111 4776 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:01.0114 4776 usbccgp - ok
21:59:01.0135 4776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:59:01.0138 4776 usbcir - ok
21:59:01.0149 4776 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:59:01.0151 4776 usbehci - ok
21:59:01.0168 4776 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:01.0172 4776 usbhub - ok
21:59:01.0200 4776 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:59:01.0202 4776 usbohci - ok
21:59:01.0221 4776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:01.0222 4776 usbprint - ok
21:59:01.0251 4776 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:01.0254 4776 USBSTOR - ok
21:59:01.0268 4776 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:59:01.0270 4776 usbuhci - ok
21:59:01.0318 4776 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
21:59:01.0320 4776 VClone - ok
21:59:01.0333 4776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:59:01.0336 4776 vdrvroot - ok
21:59:01.0355 4776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:01.0356 4776 vga - ok
21:59:01.0372 4776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:59:01.0374 4776 VgaSave - ok
21:59:01.0380 4776 VGPU - ok
21:59:01.0397 4776 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:59:01.0400 4776 vhdmp - ok
21:59:01.0427 4776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:59:01.0428 4776 viaide - ok
21:59:01.0443 4776 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:59:01.0446 4776 vmbus - ok
21:59:01.0459 4776 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:59:01.0460 4776 VMBusHID - ok
21:59:01.0476 4776 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:59:01.0478 4776 volmgr - ok
21:59:01.0496 4776 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:59:01.0499 4776 volmgrx - ok
21:59:01.0514 4776 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:59:01.0516 4776 volsnap - ok
21:59:01.0544 4776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:59:01.0547 4776 vsmraid - ok
21:59:01.0559 4776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:59:01.0561 4776 vwifibus - ok
21:59:01.0574 4776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:59:01.0575 4776 WacomPen - ok
21:59:01.0591 4776 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:01.0593 4776 WANARP - ok
21:59:01.0596 4776 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:01.0597 4776 Wanarpv6 - ok
21:59:01.0619 4776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:59:01.0620 4776 Wd - ok
21:59:01.0631 4776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:59:01.0635 4776 Wdf01000 - ok
21:59:01.0660 4776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:01.0662 4776 WfpLwf - ok
21:59:01.0683 4776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:59:01.0684 4776 WIMMount - ok
21:59:01.0745 4776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:59:01.0747 4776 WmiAcpi - ok
21:59:01.0775 4776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:01.0777 4776 ws2ifsl - ok
21:59:01.0796 4776 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:59:01.0799 4776 WudfPf - ok
21:59:01.0826 4776 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:01.0828 4776 WUDFRd - ok
21:59:01.0880 4776 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
21:59:01.0883 4776 xusb21 - ok
21:59:01.0903 4776 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:59:01.0909 4776 \Device\Harddisk0\DR0 - ok
21:59:01.0912 4776 Boot (0x1200) (822d578f15a36a96300da41e4f612601) \Device\Harddisk0\DR0\Partition0
21:59:01.0913 4776 \Device\Harddisk0\DR0\Partition0 - ok
21:59:01.0914 4776 ============================================================
21:59:01.0914 4776 Scan finished
21:59:01.0914 4776 ============================================================
21:59:01.0923 3668 Detected object count: 0
21:59:01.0923 3668 Actual detected object count: 0
21:59:29.0348 4924 Deinitialize success
|
|
21.12.2011, 22:29
| #6 |
| /// Selecta Jahrusso | Trojan.FakeAlert Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool Setze einen Haken bei folgenden Einträgen
__________________ --> Trojan.FakeAlert |
|
21.12.2011, 22:30
| #7 |
| | Trojan.FakeAlertCode:
ATTFilter MiniToolBox by Farbar
Ran by Eric (administrator) on 21-12-2011 at 22:29:59
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
***************************************************************************
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/21/2011 10:19:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/20/2011 06:40:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610, Zeitstempel: 0x4c00573a
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600, Zeitstempel: 0x4ca30e16
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000121da
ID des fehlerhaften Prozesses: 0x1064
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3
Error: (12/19/2011 01:14:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/17/2011 04:50:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/16/2011 03:21:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/15/2011 01:19:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/14/2011 07:16:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/13/2011 03:49:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/12/2011 02:15:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2011 05:45:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (12/21/2011 10:18:48 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (12/21/2011 10:17:51 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8a0a13837, 0xb3b7465ef31f7825, 0xfffff880033226c0, 0x0000000000000002)C:\Windows\MEMORY.DMP122111-16458-01
Error: (12/21/2011 10:17:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?21.?12.?2011 um 22:14:59 unerwartet heruntergefahren.
Error: (12/19/2011 02:39:08 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (12/19/2011 02:18:12 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "REDDRAGON-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (12/16/2011 04:18:35 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (12/16/2011 03:26:51 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (12/16/2011 03:21:11 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "REDDRAGON-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (12/16/2011 03:02:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/16/2011 03:02:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Microsoft Office Sessions:
=========================
========================= Memory info: ===================================
Percentage of memory in use: 27%
Total physical RAM: 8173.41 MB
Available physical RAM: 5951.93 MB
Total Pagefile: 16345.01 MB
Available Pagefile: 13683.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.52 MB
========================= Partitions: =====================================
1 Drive c: (OS_Install) (Fixed) (Total:921.26 GB) (Free:442.09 GB) NTFS
========================= Users: ========================================
Benutzerkonten fr \\ERIC-HARDCOREPC
Administrator Eric Gast
UpdatusUser
Der Befehl wurde erfolgreich ausgefhrt.
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
|
|
21.12.2011, 22:36
| #8 |
| /// Selecta Jahrusso | Trojan.FakeAlert Irgendwelche Hardware bzw Treiber in letzter Zeit installiert. Der Fehlercode dürfte bei einem 64 bit System garnicht auftauchen.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
21.12.2011, 22:38
| #9 |
| | Trojan.FakeAlert habe grade eine meldung von Malwarebytes gesehen: hxxp://imageshack.us/photo/my-images/684/zugang.png/ nein, in den letzten 3 Monaten afaik nicht, also keine neuen Treiber ect. |
|
22.12.2011, 09:00
| #10 | |
| /// Selecta Jahrusso | Trojan.FakeAlertCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.12.2011, 09:37
| #11 |
| | Trojan.FakeAlert Combofix Logfile: Code:
ATTFilter ComboFix 11-12-22.01 - Eric 22.12.2011 9:14.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.41.1031.18.8173.5971 [GMT 1:00]
ausgeführt von:: c:\users\Eric\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-22 bis 2011-12-22 ))))))))))))))))))))))))))))))
.
.
2011-12-20 22:52 . 2011-12-20 22:52 -------- d-----w- c:\users\Eric\AppData\Roaming\Malwarebytes
2011-12-20 22:52 . 2011-12-20 22:52 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 22:52 . 2011-12-20 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-20 22:52 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 12:16 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C18FEB23-C5F0-4909-BF50-C4BD8B98A2FF}\mpengine.dll
2011-12-18 18:37 . 2011-12-18 18:37 -------- d-----w- c:\users\Public\Games
2011-12-15 08:52 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-15 08:52 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-15 08:52 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-12-15 08:52 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-12-15 08:52 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-15 08:52 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-11-29 18:10 . 2011-11-29 18:10 -------- d-----w- c:\users\Eric\AppData\Local\Divinity 2
2011-11-29 18:10 . 2011-11-29 18:10 -------- d-----w- c:\programdata\Divinity 2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 14:59 . 2011-06-14 13:59 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2011-12-10 22:48 . 2011-08-31 18:39 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-10 22:48 . 2011-08-31 18:37 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-08 18:26 . 2011-08-31 18:37 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-08 11:12 . 2011-09-24 19:46 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-08 11:12 . 2011-09-24 19:46 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-08 11:12 . 2011-09-24 19:46 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-08 11:12 . 2011-09-24 19:46 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-01 17:47 . 2011-06-12 16:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-22 16:23 . 2011-08-31 18:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-01 10:34 . 2011-11-01 10:34 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-23 11:20 . 2011-10-23 11:20 161058 ----a-w- c:\windows\Star Assault Uninstaller.exe
2011-10-22 14:58 . 2011-10-22 14:58 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-10-15 08:53 . 2011-11-03 22:01 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-11-03 22:00 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-03 22:00 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-03 22:00 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-03 22:00 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-03 22:00 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-03 22:00 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-03 22:00 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-03 22:00 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-03 22:00 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-03 22:00 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-03 22:00 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-03 22:00 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-03 22:00 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-03 22:00 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-03 22:00 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-03 22:00 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-03 22:00 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-03-30 21:04 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-03-30 21:04 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-03-30 21:04 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-03-30 21:04 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-01-14 05:02 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-14 05:02 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-14 05:02 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-01-14 05:02 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-14 05:02 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-14 05:02 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-10-03 03:06 . 2011-06-12 21:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 18:20 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"ImpulseFastStart"="c:\program files (x86)\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2010-08-26 996936]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2010-08-26 1538120]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-08-27 1178184]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2010-08-25 1865344]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [1937-11-25 1718608]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]
S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [x]
S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\59llgaul.default\
FF - prefs.js: browser.startup.homepage - hxxp://eve-radio.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4117731954-3112775516-3206149677-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,3d,01,37,38,01,b0,46,ad,63,a6,90,47,19,6f,24,4e,4e,38,ed,7b,
58,15,e4,0c,cf,ca,59,bd,b4,35,52,d1,69,5b,3a,1b,5d,17,dd,9f,8e,24,e4,ca,32,\
"rkeysecu"=hex:ac,ac,4f,31,21,bf,07,73,55,6e,55,bc,28,2f,a5,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-22 09:30:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-22 08:30
.
Vor Suchlauf: 15 Verzeichnis(se), 521'975'013'376 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 522'960'613'376 Bytes frei
.
- - End Of File - - 6E633EB390CBBEE6B35E24CDB5C1097B
|
|
22.12.2011, 17:15
| #12 |
| /// Selecta Jahrusso | Trojan.FakeAlert Hy, Kommen die Warntöne noch immer ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.12.2011, 17:36
| #13 |
| | Trojan.FakeAlert |
|
22.12.2011, 20:12
| #14 |
| /// Selecta Jahrusso | Trojan.FakeAlert Ja poste mal wenn was gefunden wurde ( wirkt jetzt iwie total unprofessionell xD )
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
22.12.2011, 22:20
| #15 |
| | Trojan.FakeAlertCode:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122204
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
22.12.2011 22:19:10
mbam-log-2011-12-22 (22-19-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 668513
Laufzeit: 2 Stunde(n), 54 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
| Themen zu Trojan.FakeAlert |
| 64-bit, adobe, bho, black, browser, c:\windows\system32\rundll32.exe, computer, defender, error, excel, explorer, flash player, format, gdata, grand theft auto, install.exe, jdownloader, langs, logfile, microsoft office word, mozilla, nvidia, nvidia update, office 2007, pirates, plug-in, realtek, registry, required, rundll, security, security update, senden, server, software, teamspeak, temp, usb 3.0, version=1.0, webcheck, windows, windows live mesh, winlogon.exe |
Linear-Darstellung
